用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Linux.Siggen.3512

Added to the Dr.Web virus database: 2021-01-10

Virus description added: 2021-01-10

Technical Information

To ensure autorun and distribution:

Creates or modifies the following files:

/var/spool/cron/crontabs/root

Malicious functions:

Launches processes:

sh -c touch -r /opt/zimbra/jetty/webapps/zimbraAdmin/public/jsp/Zimbra.jsp /opt/zimbra/jetty/webapps/zimbraAdmin/public/jsp/Alert.jsp
touch -r /opt/zimbra/jetty/webapps/zimbraAdmin/public/jsp/Zimbra.jsp /opt/zimbra/jetty/webapps/zimbraAdmin/public/jsp/Alert.jsp
sh -c touch -r /opt/zimbra/jetty/webapps/zimbra/public/jsp/Crypt.jsp /opt/zimbra/jetty/webapps/zimbra/public/jsp/CryptCore.jsp
touch -r /opt/zimbra/jetty/webapps/zimbra/public/jsp/Crypt.jsp /opt/zimbra/jetty/webapps/zimbra/public/jsp/CryptCore.jsp
sh -c (crontab -l|grep -v 'zmstorewatch'|grep -v '/tmp/'|grep -v 'wget'|grep -v 'curl')|crontab -
crontab -
crontab -l
grep -v zmstorewatch
grep -v wget
grep -v /tmp/
grep -v curl
sh -c (crontab -l|grep -v zmlogswatch|grep -v 'DO NOT EDIT ANYTHING';printf \"*/60 * * * * /opt/zimbra/lib/zmlogswatc
grep -v zmlogswatch
grep -v DO NOT EDIT ANYTHING

Performs operations with the file system:

Modifies file access rights:

/opt/zimbra/jetty/webapps/zimbraAdmin/public/jsp
/opt/zimbra/jetty/webapps/zimbra/public/jsp
/var/spool/cron/crontabs/tmp.3eoIdF
/var/spool/cron/crontabs/tmp.tQmxdF

Creates folders:

/opt/zimbra
/opt/zimbra/jetty
/opt/zimbra/jetty/webapps
/opt/zimbra/jetty/webapps/zimbraAdmin
/opt/zimbra/jetty/webapps/zimbraAdmin/public
/opt/zimbra/jetty/webapps/zimbraAdmin/public/jsp
/opt/zimbra/jetty/webapps/zimbra
/opt/zimbra/jetty/webapps/zimbra/public
/opt/zimbra/jetty/webapps/zimbra/public/jsp

Creates or modifies files:

/opt/zimbra/jetty/webapps/zimbraAdmin/public/jsp/Alert.jsp
/opt/zimbra/jetty/webapps/zimbra/public/jsp/CryptCore.jsp
/var/spool/cron/crontabs/tmp.3eoIdF
/var/spool/cron/crontabs/tmp.tQmxdF

Deletes files:

/opt/zimbra/jetty/webapps/zimbra/public/jsp/infoc.jsp
/opt/zimbra/jetty/webapps/zimbra/public/jsp/BootCore.jsp
/opt/zimbra/jetty/webapps/zimbra/public/jsp/ShareCore.jsp
/opt/zimbra/jetty/webapps/zimbra/public/jsp/ZimbraCore.jsp
/opt/zimbra/jetty/webapps/zimbra/public/jsp/Online.jsp
/opt/zimbra/jetty/webapps/zimbra/public/404.jsp
/opt/zimbra/conf/zmsstorewatch.cnf
/opt/zimbra/conf/zmsstore.cnf
/opt/zimbra/lib/zmmailboxdwatch
/opt/zimbra/lib/zmstorewatch

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number