Linux.Siggen.6732
Added to the Dr.Web virus database:
2024-03-14
Description added:
2024-03-14
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
/etc/init.d/knlib
/var/spool/cron/crontabs/root
/etc/cron.d/.lib-knlib4
/etc/cron.hourly/.lib-knlib4
/etc/cron.daily/.lib-knlib4
/etc/cron.weekly/.lib-knlib4
/etc/cron.monthly/.lib-knlib4
Malicious functions:
Manages services:
['systemctl', 'daemon-reload']
['systemctl', 'enable', 'knlibe.service']
Launches processes:
pgrep -f klibsystem4
cp -f -r -- /bin/knlib5 /bin/klibsystem5
bash -c ufw disable
chattr +ia /var/spool/cron/.lib-knlib4
rm -rf -- klibsystem5
chattr +ia /bin/knlib5
chattr +ia /etc/systemd/system/knlibe.service
chattr +ia /etc/init.d/knlib
chattr +ia /etc/cron.weekly/.lib-knlib4
/usr/bin/pgrep pkill -f .klibsystem5
/bin/bash /etc/init.d/knlib start
bash -c echo \x22* * * * * /tmp/.klibsystem5 >/dev/null 2>&1\x22 | crontab -
crontab -
chattr +ia /etc/cron.d/.lib-knlib4
chattr +ia /etc/cron.daily/.lib-knlib4
chattr +ia /etc/cron.hourly/.lib-knlib4
pgrep -f klibsystem5
crontab -r
/usr/bin/pgrep pkill -f .klibsystem4
nohup ./klibsystem5
chattr +ia /etc/cron.monthly/.lib-knlib4
Performs operations with the file system:
Modifies file access rights:
/etc/init.d/knlib
/usr/bin/knlib5
/var/spool/cron/crontabs/tmp.YTm7K8
Creates or modifies files:
/etc/systemd/system/knlibe.service
/usr/bin/knlib5
/tmp/.klibsystem5
/var/tmp/.klibsystem5-x
/var/spool/cron/crontabs/tmp.YTm7K8
/var/spool/cron/.lib-knlib4
Changes time of creation/access/modification of files:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
8.#.8.8:53
5.##.80.215:80
18#.##2.128.146:443
DNS ASK:
Sends data to the following servers:
Receives data from the following servers:
Other:
Collects OS information
Collects CPU information