FOR CUSTOMERS

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Support services

Dr.Web vxCube

Sign in to Dr.Web vxCube

VCI investigations

Virus library

Knowledge base

Technologies

Terminology

Training and education

Myths

Myths about anti-viruses

Linux.Exploit.CVE-2012-0809.6

Added to the Dr.Web virus database: 2017-12-23

Virus description added: 2017-12-23

Technical Information

Malicious functions:

Compiles a program from source codes:

/usr/bin/gcc e.c -o e

Launches processes:

sh -c /usr/bin/sudo -V
/usr/bin/sudo -V
sh -c /usr/bin/gcc e.c -o e
/usr/bin/sudo %20$08n %*482$ %*2850$ %1073741824$ -D9 -A
e
/bin/sh

Performs operations with the file system:

Modifies file access rights:

/root/e
/root/e.sh

Creates or modifies files:

/root/e.c
/tmp/ccwYlXkC.s
/tmp/ccy5U5pk.o
/tmp/ccU8l832.res
/tmp/cc7PKmGj.c
/tmp/cctNXlw2.o
/tmp/ccmwfvmL.ld
/tmp/ccn8UYcu.le
/root/e
/root/e.sh

Deletes files:

/tmp/ccmwfvmL.ld"
/tmp/ccn8UYcu.le"
/tmp/cc7PKmGj.c"
/tmp/cctNXlw2.o"
/tmp/ccU8l832.res"
/tmp/ccy5U5pk.o"
/tmp/ccwYlXkC.s"
/root/e"
/root/e.c"
/root/e.sh"

Other:

Collects RAM information

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number