Authorities Terminate Mumblehard Botnet Ceasing Spam Operation of 4,000 Infected Servers

Posted: April 8, 2016

Security vendor ESET has reported that the six-year-old Mumblehard botnet has met its demise. With Mumblehard taken down, the 4,000 Linux servers that were infected with the botnet are no longer under the control of the malware, which had been hijacking such servers since 2010 to send spam messages.

When it comes to botnets, hackers and cybercrooks control infections installed on a multitude of servers and send them instructions to push out countless spam emails. Additionally, some botnets can be instructed to perform other malicious activities over the Internet. The Mumblehard botnet, however, was specifically instructed on upwards of 4,000 infected servers to send spam messages that could potentially spread malicious infections to vulnerable computers.

ESET informed authorities that the Mumblehard botnet was under the control of servers located in Ukraine. Originally, the group in Ukraine was thought to be using vulnerabilities in server software to infect websites for the botnet. Later, it was confirmed that a PHP shell had been installed, allowing the Mumblehard operators to buy access to run their malware on servers that were already compromised.

Over the six years that the Mumblehard botnet was active, its operators steadily changed its code, which eventually led researchers to the location of its command and control (C&C) server, an IP address located in Ukraine.

With over 4,000 servers compromised and infected with the Mumblehard botnet, a huge rash of spam was sent from the compromised servers. A sinkhole operation, initiated a few months ago, led ESET to identify and detect the 4,000 compromised servers. From there, Ukrainian authorities were able to take the collected information and shut down the Mumblehard botnet's command and control server.

Putting a stop to the Mumblehard botnet's C&C server has stalled the operation of Mumblehard and its spam-spreading activities. Currently, CERT (Computer Emergency Response Team) in Germany is in the process of notifying all server owners affected by the Mumblehard botnet, which is now unable to connect to its control server for new instructions.

When a botnet is severed by taking down its C&C server, it is considered to be in a dormant state in which it can no longer cause harm, unless its operators have other means of contacting the infected servers from a new control server. Even though Mumblehard has reached its demise, alerting each affected server operator is essential so they can remove the Mumblehard malware and take the proper precautions to avoid future attacks.