Linux.Siggen.7641
Added to the Dr.Web virus database:
2024-06-14
Description added:
2024-06-14
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Replaces the following system files:
/usr/bin/ps
/usr/bin/netstat
/usr/bin/ss
/usr/bin/lsof
Launches processes:
mv <SAMPLE_FULL_PATH> /tmp/.bash_profi1e -f
chmod 777 /usr/bin/ss
mv /usr/bin/lsofs /usr/bin/lsof;mv /usr/bin/lsof /usr/bin/lsofs
mv /usr/bin/netstat /usr/bin/netstats
chmod 777 /usr/bin/ps
mv /usr/bin/lss /usr/bin/ls;mv /usr/bin/ls /usr/bin/lss
chmod 777 /usr/bin/netstat
mv /usr/bin/sss /usr/bin/ss;mv /usr/bin/ss /usr/bin/sss
/tmp/.bash_profi1e ks0ftirqd/0
chmod 777 bin boot dev etc home initrd.img initrd.img.old lib lib32 lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinux vmlinux.old /tmp/.bash_prof
mv /usr/bin/ls /usr/bin/lss
mv /usr/bin/lsof /usr/bin/lsofs
chmod 777 /usr/bin/ls
mv /usr/bin/ps /usr/bin/pss
mv /usr/bin/pss /usr/bin/ps;mv /usr/bin/ps /usr/bin/pss
mv /usr/bin/lsofs /usr/bin/lsof
mv /usr/bin/sss /usr/bin/ss
mv /usr/bin/netstats /usr/bin/netstat;mv /usr/bin/netstat /usr/bin/netstats
mv /usr/bin/pss /usr/bin/ps
chmod 777 /usr/bin/lsof
mv /usr/bin/ss /usr/bin/sss
mv <SAMPLE_FULL_PATH> /tmp/.bash_profi1e -f;chmod 777 * /tmp/.bash_prof
mv /usr/bin/lss /usr/bin/ls
rm -rf /tmp/.bash_profi1e
mv /usr/bin/netstats /usr/bin/netstat
Performs operations with the file system:
Modifies file access rights:
/usr/bin
/boot
/dev
/etc
/home
/boot/initrd.img-4.19.0-21-4kc-malta
/usr/lib
/usr/lib32
/usr/lib64
/lost+found
/media
/mnt
/opt
/proc
/root
/run
/usr/sbin
/srv
/sys
/tmp
/usr
/var
/boot/vmlinux-4.19.0-21-4kc-malta
/usr/bin/ps
/usr/bin/netstat
/usr/bin/ls
/usr/bin/ss
/usr/bin/lsof
Creates or modifies files:
/proc/498/cmdline
<SAMPLE_FULL_PATH>
/proc/510/cmdline
/usr/bin/ps
/usr/bin/ls
/usr/bin/ss
/usr/bin/lsof
Mounts file systems: