Linux.Siggen.7823
Added to the Dr.Web virus database:
2024-07-22
Virus description added:
2024-07-22
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- /var/spool/cron/crontabs/root
Malicious functions:
Gains root privileges
Launches itself as a daemon
Manages services:
- ['systemctl', 'daemon-reload']
- ['systemctl', 'enable', 'shd.service']
Launches processes:
- tee /etc/systemd/system/shd.service
- sudo tee /etc/systemd/system/shd.service
- echo \x27@reboot /usr/bin/shd\x27 | crontab -
- sudo systemctl enable shd.service
- echo \x22[Unit]\x0aDescription=shd\x0aAfter=network.target\x0a\x0a[Service]\x0aExecStart=/usr/bin/shd test\x0aRestart=on-failure\x0a\x0a[Install]\x0aWantedBy=multi-user.target\x22 | sudo tee /etc/systemd/system/shd.service > /dev/null && sudo systemctl daemon-reload && sudo systemctl enable shd.service > /dev/null 2>&1;
- sudo systemctl daemon-reload
- crontab -
Performs operations with the file system:
Modifies file access rights:
- /var/spool/cron/crontabs/tmp.4ndtph
Creates or modifies files:
- /etc/systemd/system/shd.service
- /var/spool/cron/crontabs/tmp.4ndtph
Changes time of creation/access/modification of files:
Network activity:
Establishes connection:
- 8.#.8.8:53
- 14#.##.103.95:9999
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細