Linux.Packed.77
Added to the Dr.Web virus database:
2018-05-06
Virus description added:
2018-05-06
Technical Information
Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
- iptables -I INPUT -p tcp --destination-port 23 -j ACCEPT
- iptables -I INPUT -p tcp --destination-port 80 -j DROP
- iptables -I INPUT -p tcp --destination-port 8080 -j DROP
Launches processes:
- sh -c echo 3 > /proc/sys/vm/drop_caches
- sh -c killall telnetd utelnetd scfgmgr
- sh -c iptables -I INPUT -p tcp --destination-port 23 -j ACCEPT
- sh -c iptables -I INPUT -p tcp --destination-port 8080 -j DROP
Attempts to kill the following processes:
- killall telnetd utelnetd scfgmgr
Kills the following processes:
Performs operations with the file system:
Deletes folders:
Creates or modifies files:
- /proc/sys/vm/drop_caches
- /root/catrunv1.2.pid
Deletes files:
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:12399
- 0.0.0.0:23
Establishes connection:
- 8.#.8.8:53
- <LOCAL_DNS_SERVER>
- 19#.##2.241.236:123
- 91.###.89.199:123
- 85.##.78.23:123
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
- nt#.#buntu.com
- po##.ntp.org
Sends data to the following servers:
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細