Linux.Packed.456
Added to the Dr.Web virus database:
2019-06-21
Virus description added:
2019-06-21
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- /etc/init.d/rcS_bak
- /etc/init.d/rcS
Malicious functions:
Launches processes:
- sh -c /bin/busybox cp <SAMPLE_FULL_PATH> /var/tmp/
- /bin/busybox cp <SAMPLE_FULL_PATH> /var/tmp/
- sh -c /busybox cp <SAMPLE_FULL_PATH> /tmp/
- /busybox cp <SAMPLE_FULL_PATH> /tmp/
- sh -c /bin/busybox cp <SAMPLE_FULL_PATH> /bin/
- /bin/busybox cp <SAMPLE_FULL_PATH> /bin/
- sh -c cp ~/.bash_profile ~/.bash_bak
- cp /root/.bash_profile /root/.bash_bak
- sh -c echo 'cd /tmp;<SAMPLE_FULL_PATH> self.load;cd' >> ~/.bash_profile
- sh -c echo 'cd /var/tmp/;<SAMPLE_FULL_PATH> self.load;cd' >> ~/.bash_profile
- sh -c echo 'cd /bin/;<SAMPLE_FULL_PATH> self.load;cd' >> ~/.bash_profile
- sh -c /bin/busybox cp /etc/init.d/rcS /etc/init.d/rcS_bak
- /bin/busybox cp /etc/init.d/rcS /etc/init.d/rcS_bak
- sh -c /bin/busybox echo 'cd /tmp/;<SAMPLE_FULL_PATH> self.load;cd' >> /etc/init.d/rcS
- /bin/busybox echo cd /tmp/;<SAMPLE_FULL_PATH> self.load;cd
- sh -c /bin/busybox echo 'cd /var/tmp/;<SAMPLE_FULL_PATH> self.load;cd' >> /etc/init.d/rcS
- /bin/busybox echo cd /var/tmp/;<SAMPLE_FULL_PATH> self.load;cd
- sh -c /bin/busybox echo 'cd /bin/;<SAMPLE_FULL_PATH> self.load;cd' >> /etc/init.d/rcS
- /bin/busybox echo cd /bin/;<SAMPLE_FULL_PATH> self.load;cd
Performs operations with the file system:
Creates or modifies files:
- /var/tmp/<SAMPLE>
- /bin/<SAMPLE>
- /root/.bash_profile
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息