Hackers hit Unix servers to send 35 million spam messages a day

18 Mar 2014

A criminal group has seized control of 25,000 Unix servers since 2011, forcing them to send out more than 35 million malware-laden spam messages per day, according to security researchers at ESET.

ESET uncovered the campaign, which is codenamed Operation Windigo, during a joint operation with the German Bund Computer Emergency Response Team (CERT) and the Swedish National Infrastructure for Computing (SNIC) agency.

The attack reportedly used advanced malware designed to target the Unix servers. The malware let the hackers take control of the servers and use them to infect visitors to sites hosted on them with data-stealing code. The popular cPanel and Linux Foundation sites are confirmed victims of the Windigo hackers.

ESET security researcher Marc-Étienne Léveillé said: "Windigo has been gathering strength, largely unnoticed by the security community, for over two and a half years, and currently has 10,000 servers under its control.

"Over 35 million spam messages are being sent every day to innocent users' accounts, clogging up inboxes and putting computer systems at risk. Worse still, each day over half a million computers are put at risk of infection, as they visit websites that have been poisoned by web server malware planted by Operation Windigo redirecting to malicious exploit kits and advertisements."

Léveillé added that the malware used reacts differently to Mac and Windows systems. Sites under Windigo's command reportedly only attempt to infect Windows machines and simply redirect Mac users to non-malicious dating sites and iPhone users to pornographic webpages.

Léveillé said the advanced nature of the malware means victims will have to wipe infected systems and reinstall their operating systems and software from scratch.

"We realise that wiping your server and starting again from scratch is tough medicine, but if hackers have stolen or cracked your administrator credentials and had remote access to your servers, you cannot take any risks," he said.

"Sadly, some of the victims we have been in touch with know that they are infected, but have done nothing to clean up their systems – potentially putting more internet users in the firing line."

Using legitimate websites to spread malware is an increasingly common tactic among cyber criminal groups. Earlier in March, researchers at security firm Sucuri uncovered a similar campaign that had hijacked more than 162,000 legitimate WordPress sites.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.