Hackers hit Unix servers to send 35 million spam messages a day

18 Mar 2014

A criminal group has seized control of 25,000 Unix servers since 2011, forcing them to send out more than 35 million malware-laden spam messages per day, according to security researchers at ESET.

ESET uncovered the campaign, which is codenamed Operation Windigo, during a joint operation with the German Bund Computer Emergency Response Team (CERT) and the Swedish National Infrastructure for Computing (SNIC) agency.

The attack reportedly used advanced malware designed to target the Unix servers. The malware let the hackers take control of the servers and use them to infect visitors to sites hosted on them with data-stealing code. The popular cPanel and Linux Foundation sites are confirmed victims of the Windigo hackers.

ESET security researcher Marc-Étienne Léveillé said: "Windigo has been gathering strength, largely unnoticed by the security community, for over two and a half years, and currently has 10,000 servers under its control.

"Over 35 million spam messages are being sent every day to innocent users' accounts, clogging up inboxes and putting computer systems at risk. Worse still, each day over half a million computers are put at risk of infection, as they visit websites that have been poisoned by web server malware planted by Operation Windigo redirecting to malicious exploit kits and advertisements."

Léveillé added that the malware treats Mac and Windows systems differently. Sites under Windigo's command reportedly only attempt to infect Windows machines, and simply redirect Mac users to non-malicious dating sites and iPhone users to pornographic webpages.

Léveillé said the advanced nature of the malware means victims will have to wipe infected systems and reinstall their operating systems and software from scratch.

"We realise that wiping your server and starting again from scratch is tough medicine, but if hackers have stolen or cracked your administrator credentials and had remote access to your servers, you cannot take any risks," he said.

"Sadly, some of the victims we have been in touch with know that they are infected, but have done nothing to clean up their systems – potentially putting more internet users in the firing line."

Using legitimate websites to spread malware is an increasingly common tactic within cyber criminal groups. Researchers at security firm Sucuri uncovered a similar campaign that had hijacked more than 162,000 legitimate WordPress sites earlier in March.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
