Per il corretto funzionamento del sito, è necessario attivare il supporto di JavaScript nel browser.
Linux.Packed.560
Aggiunto al database dei virus Dr.Web:
2019-08-14
La descrizione è stata aggiunta:
2019-08-13
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
/etc/init.d/developer
/etc/init.d/rcS_bak
/etc/init.d/rcS
/etc/rc.local
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Modifies firewall settings:
/sbin/iptables -F
/sbin/iptables -X
Manages services:
service iptables stop
systemctl stop iptables.service
service firewalld stop
systemctl stop firewalld.service
Launches processes:
sh -c rm -rf /tmp/* /var/tmp/*
rm -rf /tmp/* /var/tmp/*
sh -c echo 0>/var/log/wtmp
sh -c rm -rf /bin/netstat
rm -rf /bin/netstat
sh -c echo 0>/var/log/secure
sh -c service iptables stop
sh -c /sbin/iptables -F; /sbin/iptables -X
sh -c service firewalld stop
sh -c rm -rf ~/.bash_history
rm -rf /root/.bash_history
sh -c history -c
sh -c mount -o bind /tmp /proc/738
sh -c /bin/busybox cp <SAMPLE_FULL_PATH> /usr/sbin/developer
mount -o bind /tmp /proc/738
/bin/busybox cp <SAMPLE_FULL_PATH> /usr/sbin/developer
sh -c /bin/busybox cp <SAMPLE_FULL_PATH> /etc/init.d/developer
sh -c umount /proc/*
/bin/busybox cp <SAMPLE_FULL_PATH> /etc/init.d/developer
umount /proc/1 /proc/10 /proc/11 /proc/12 /proc/13 /proc/133 /proc/135 /proc/14 /proc/141 /proc/144 /proc/15 /proc/16 /proc/165 /proc/168 /proc/17 /proc/18 /proc/19 /proc/2 /proc/20 /proc/21 /proc/22 /proc/23 /proc/29 /proc/3 /proc/30 /proc/31 /proc/32 /proc/353 /proc/374 /proc/383 /proc/388 /proc/391 /proc/398 /proc/399 /proc/4 /proc/400 /proc/401 /proc/403 /proc/405 /proc/407 /proc/409 /proc/442 /proc/443 /proc/5 /proc/6 /proc/65 /proc/66 /proc/665 /proc/67 /proc/68 /proc/680 /proc/682 /proc/685 /proc/686 /proc/69 /proc/7 /proc/70 /proc/71 /proc/738 /proc/74 /proc/743 /proc/744 /proc/745 /proc/77 /proc/8 /proc/9 /proc/98 /proc/99 /proc/acpi /proc/buddyinfo /proc/bus /proc/cgroups /proc/cmdline /proc/consoles /proc/cpuinfo /proc/crypto /pro[rkmodule] [sh][PPID:0x2e7] [busybox][PID:0x2e9] vfs_getattr. path: \"<SAMPLE_FULL_PATH>\
sh -c /bin/busybox cp /etc/init.d/rcS /etc/init.d/rcS_bak
/bin/busybox cp /etc/init.d/rcS /etc/init.d/rcS_bak
sh -c /bin/busybox echo '/usr/sbin/developer self.load' >> /etc/init.d/rcS
/bin/busybox echo /usr/sbin/developer self.load
sh -c /bin/busybox echo '/etc/init.d/developer self.load' >> /etc/init.d/rcS
/bin/busybox echo /etc/init.d/developer self.load
sh -c echo '/usr/sbin/developer self.load' >> /etc/rc.local
sh -c echo '/etc/init.d/developer self.load' >> /etc/rc.local
sh -c /sbin/chkconfig --add mashiro
/sbin/chkconfig --add mashiro
sh -c setenforce 0
sh -c mount -o bind /tmp /proc/758
sh -c mount -o bind /tmp /proc/764
mount -o bind /tmp /proc/758
mount -o bind /tmp /proc/764
sh -c mount -o bind /tmp /proc/771
sh -c mount -o bind /tmp /proc/772
sh -c mount -o bind /tmp /proc/770
mount -o bind /tmp /proc/771
mount -o bind /tmp /proc/772
mount -o bind /tmp /proc/770
Performs operations with the file system:
Creates or modifies files:
/var/log/wtmp
/var/log/secure
/usr/sbin/developer
/run/mount/utab
Deletes files:
/tmp/*
/var/tmp/*
/bin/netstat
/root/.bash_history
/
Mounts file systems:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
8.#.8.8:53
18.###.226.29:13372
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
Sends data to the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Scaricate Dr.Web per Android
Gratis per 3 mesi
Tutti i componenti di protezione
Rinnovo versione di prova tramite AppGallery/Google Pay
Continuando a utilizzare questo sito, l'utente acconsente al nostro utilizzo di file Cookie e di altre tecnologie per la raccolta di informazioni statistiche sui visitatori. Per maggiori informazioni
OK