FÜR NUTZER

Meine Bibliothek

+ Zur Bibliothek hinzufügen

Suche

Support 24/7 | Regeln zur Anfragenübermittlung

Schreiben Sie uns

Online-Formular

Telefon

+49 (0) 170 488 40 28

Forum

Ihre Anfragen

Alle: -
Offen: -
Letzte Anfrage: -

Rufen Sie uns an

+7 (495) 789-45-86

DE

RU CN DE EN ES FR IT JP KZ UZ PL BY ID

Dr.Web vxCube

Sign in to Dr.Web vxCube

Analyse von virenabhängigen Vorfällen

Virenbibliothek

Wissensdatenbank

Technologies

Begriffe

Schulung und Training

Mythen

Mythen über Virenschutzsoftware

Linux.BackDoor.Tsunami.1114

Added to the Dr.Web virus database: 2019-08-09

Virus description added: 2019-08-09

Technical Information

To ensure autorun and distribution:

Creates or modifies the following files:

/var/spool/cron/crontabs/root

Malicious functions:

Launches itself as a daemon

Launches processes:

sh -c (crontab -l| grep -v c855a922; echo \"*/10 * * * * /root/c855a922 >/dev/null 2>&1\") | crontab -
crontab -
crontab -l
grep -v c855a922
/root/c855a922

Performs operations with the file system:

Modifies file access rights:

/var/spool/cron/crontabs/tmp.NSdmqp

Creates or modifies files:

<SAMPLE_FULL_PATH>
/var/spool/cron/crontabs/tmp.NSdmqp

Network activity:

Connects to the following servers over the IRC protocol:

Server: 13#.#4.146.42; Command: NICK RT-RED-i686-c855a922-DOSRSHZ\nUSER Linux localhost localhost :box-i386 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17)\n
Server: 13#.#4.146.42; Command: MODE RT-RED-i686-c855a922-DOSRSHZ -xi\n
Server: 13#.#4.146.42; Command: JOIN #TM :bleh\n

DNS ASK:

ww##.omfg.pw

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number