Linux.Siggen.7292
Added to the Dr.Web virus database: 2024-04-27
Virus description added: 2024-04-27
Technical Information
Malicious functions:
Launches itself as a daemon
Launches processes:
Performs operations with the file system:
Deletes folders:
- /etc/emacs
- /etc/fonts
- /etc/groff
- /etc/pam.d
- /etc/rc0.d
- /etc/rc1.d
- /etc/rc2.d
- /etc/rc3.d
- /etc/rc4.d
- /etc/rc5.d
- /etc/rc6.d
- /etc/rcS.d
- /etc/runit
Creates or modifies files:
Deletes files:
- /etc/oevua
- /etc/emacs
- /etc/fonts
- /etc/fstab
- /etc/groff
- /etc/group
- /etc/hosts
- /etc/issue
- /etc/magic
- /etc/pam.d
- /etc/rc0.d
- /etc/rc1.d
- /etc/rc2.d
- /etc/rc3.d
- /etc/rc4.d
- /etc/rc5.d
- /etc/rc6.d
- /etc/rcS.d
- /etc/runit
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:58005
- 127.0.0.1:50777
Establishes connection:
- 127.0.0.1:58005
- 127.0.0.1:50777
- 8.#.8.8:53
- [2######50:4010:c0d::79]:9
- 17#.##4.73.121:9
- 17#.##4.73.121:443
Sends data to the following servers:
- 8.#.8.8:53
- 17#.##4.73.121:443
Receives data from the following servers:
- 8.#.8.8:53
- 17#.##4.73.121:443
Other:
Collects CPU information
Collects information about network activity