We have seen these pop up over the last few years as the number of personal and small business websites explode. The use of simple content management systems like Joomla, Drupal and WordPress have helped this growth. Sadly it has also helped the growth of spammers, malware developers and other nefarious type on the internet.

Very recently ESET found a new form of malware that turns the host box (running Linux or BSD) into a nice spambot. The malware, called Mumblehard, gets into the system through vulnerabilities in both Joomla and WordPress. Once it gets a foot hold on your webserver it can send and receive commands along with being able to spam the world using your resources. ESET also feels that there is a link between this malware and a company called Yellsoft.

They feel this because the malware has been found in compromised copies of the Yellsoft program DirectMailer. Right now it looks like the compromised versions might be illegal copies that people are using with their websites. What makes things a little unusual is that the “bad guys” are still using IPs that are linked to Yellsoft. As you might imagine it has people wondering if the Russian software company might be involved. As of this writing there is no hard indication that they are, but they have also not responded to questions about this new report from ESET.

You can read more about Mublehard here