用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Linux.BackDoor.Tsunami.1032

Added to the Dr.Web virus database: 2019-01-30

Virus description added: 2019-01-29

Technical Information

Malicious functions:

Removes itself

Substitutes application name for:

[procManager]

Network activity:

Establishes connection:

8.#.8.8:53

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

Connects to the following servers over the IRC protocol:

Server: 18#.#44.25.177; Command: NICK [SEIZE|x86_32]GKTWY\nUSER vamp localhost localhost :kebs4head\n
Server: 18#.#44.25.177; Command: PONG :6A724D2E\n
Server: 18#.#44.25.177; Command: MODE GKTWY -xi\n
Server: 18#.#44.25.177; Command: JOIN ##flamebotnet :\n
Server: 18#.#44.25.177; Command: WHO GKTWY\n

Sends data to the following servers:

92.##.102.217:23
15#.#6.54.16:23
35.###.36.217:23
81.##.217.141:23
23.##3.4.111:23
99.##.247.151:23
46.##.0.63:23
12#.##7.126.144:23
10#.##9.154.111:23

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number