Linux.BackDoor.Fgt.1980
Added to the Dr.Web virus database:
2019-02-14
Virus description added:
2019-02-14
Technical Information
Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
Manages services:
Launches processes:
- sh -c rm -rf /tmp/* /var/tmp/* /tmp/.* /var/tmp/.*
- rm -rf /tmp/* /var/tmp/* /tmp/. /tmp/.. /tmp/.ICE-unix /tmp/.Test-unix /tmp/.X11-unix /tmp/.XIM-unix /tmp/.font-unix /var/tmp/. /var/tmp/..
- sh -c rm -rf /var/log/wtmp
- rm -rf /var/log/wtmp
- sh -c rm -rf /bin/netstat
- rm -rf /bin/netstat
- sh -c iptables -F
- sh -c pkill -9 perl
- pkill -9 perl
- sh -c pkill -9 python
- pkill -9 python
- sh -c service iptables stop
Performs operations with the file system:
Creates or modifies files:
Deletes files:
- /tmp/*
- /var/tmp/*
- /var/log/wtmp
- /bin/netstat
Network activity:
Establishes connection:
- 8.#.8.8:53
- 46.##.165.131:17769
Sends data to the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細