Linux.BackDoor.Fgt.2016
Added to the Dr.Web virus database:
2019-02-19
Virus description added:
2019-02-19
Technical Information
Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
Launches processes:
- sh -c grep -c ^processor /proc/cpuinfo
- grep -c ^processor /proc/cpuinfo
- sh -c free -mt|grep \"Total:\"|awk '{print $2}'|head -n1
- grep Total:
- free -mt
- head -n1
- awk {print $2}
- sh -c if [ -f /usr/bin/yum ]; then cat /etc/system-release|head -n1; elif [ -f /usr/bin/apt-get ]; then lsb_release -d|awk '{$1= \"\"; print $0}'|head -n1;fi
- awk {$1= \"\"; print $0}
- lsb_release -d
- sh -c if [ -f /usr/bin/yum ]; then printf \"Centos/Rhel Based\"; elif [ -f /usr/bin/apt-get ]; then printf \"Debian/Ubuntu Based\";fi
- sh -c rm -rf /tmp/* /var/tmp/* /tmp/.* /var/tmp/.*
- rm -rf /tmp/* /var/tmp/* /tmp/. /tmp/.. /tmp/.ICE-unix /tmp/.Test-unix /tmp/.X11-unix /tmp/.XIM-unix /tmp/.font-unix /var/tmp/. /var/tmp/..
- sh -c rm -rf /var/log/wtmp
- rm -rf /var/log/wtmp
- sh -c rm -rf /bin/netstat
- rm -rf /bin/netstat
- sh -c iptables -F
Performs operations with the file system:
Creates or modifies files:
Deletes files:
- /tmp/*
- /var/tmp/*
- /var/log/wtmp
- /bin/netstat
Network activity:
Establishes connection:
- 8.#.8.8:53
- 31.###.157.206:17769
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
Other:
Collects CPU information
Collects RAM information
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息