Linux.Hanthie.1

Added to the Dr.Web virus database: 2013-08-14

Description added:

A multicomponent Trojan for Linux. Once launched, it checks whether its own process or a virtual machine is already running on the system. The Trojan installs itself by creating an autorun file (for example, ~/.config/autostart/system-firewall.<string>.desktop) and copying itself to a folder on disk (for example, ~/.config/.System_Firewall/system-firewall.<string>.config). It then creates an executable library in the temporary folder and tries to inject it into running processes. If the attempt fails, Linux.Hanthie runs a new executable file that resides in a temporary folder and is responsible for communication with the server. After that, the Trojan deletes the original copy of the file.
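The autorun file and on-disk copy named above can be checked for directly on a suspect host. The script below is an added example, not Dr.Web code: it assumes `<string>` is an arbitrary token and matches it with a glob, and the function names `hanthie_scan_home` and `hanthie_scan_all` are hypothetical.

```shell
#!/bin/sh
# Added example (not Dr.Web code): look for the Linux.Hanthie.1 persistence
# artifacts described above in one or more home directories.
# Assumption: <string> in the example paths is an arbitrary token, so it is
# matched with a glob. The page gives these paths only as examples.

# hanthie_scan_home DIR
# Prints one line per artifact found under DIR.
# Returns 0 if at least one artifact exists, 1 if none.
hanthie_scan_home() {
    _home=$1
    _hit=1
    for _f in "$_home"/.config/autostart/system-firewall.*.desktop \
              "$_home"/.config/.System_Firewall/system-firewall.*.config; do
        # An unmatched glob is left as literal text, so confirm existence.
        [ -e "$_f" ] || [ -L "$_f" ] || continue
        _hit=0
        case $_f in
            *.desktop)
                # Show what the autostart entry launches, for triage.
                _exec=$(sed -n 's/^Exec=//p' "$_f" 2>/dev/null | head -n 1)
                printf 'autostart\t%s\tExec=%s\n' "$_f" "$_exec" ;;
            *)
                printf 'copy\t%s\n' "$_f" ;;
        esac
    done
    return "$_hit"
}

# hanthie_scan_all DIR...
# Scans every DIR, then prints the number of homes with artifacts last.
hanthie_scan_all() {
    _count=0
    for _d in "$@"; do
        if hanthie_scan_home "$_d"; then _count=$((_count + 1)); fi
    done
    printf '%s\n' "$_count"
}

# Stand-alone use: scan the directories given as arguments, or $HOME.
if [ "$#" -gt 0 ]; then
    hanthie_scan_all "$@"
else
    hanthie_scan_all "${HOME:-/root}"
fi
```

Run it as root with the home directories to inspect as arguments (for example `/home/*`). Because the description gives the file names only as examples, a count of 0 does not replace the full scan recommended below.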

The Trojan embeds a grabber into Firefox, Google Chrome, Opera, Chromium, and Ice Weasel. The grabber intercepts information transferred via the HTTP and HTTPS protocols and sends the data that the user enters into various forms to the cybercriminals. Linux.Hanthie can execute the following commands:

  • socks—start a proxy server,
  • bind—run a port listener script,
  • bc—connect to the command and control server,
  • update—download and install updates,
  • rm—remove itself.

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
