Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Linux.BackDoor.Fgt.1662

Added to the Dr.Web virus database: 2018-11-19

Virus description added:

Technical Information

Malicious functions:
Removes itself
Substitutes application name for:
  • c6ecayxipi62t4wvetdv
Modifies firewall settings:
  • iptables -F
Manages services:
  • service iptables stop
  • systemctl stop iptables.service
  • service firewalld stop
  • systemctl stop firewalld.service
Launches processes:
  • sh -c rm -rf /tmp/*
  • rm -rf /tmp/*
  • sh -c iptables -F
  • sh -c pkill -9 busybox
  • pkill -9 busybox
  • sh -c pkill -9 perl
  • pkill -9 perl
  • sh -c pkill -9 python
  • pkill -9 python
  • sh -c service iptables stop
  • sh -c service firewalld stop
  • sh -c rm -rf ~/.bash_history
  • rm -rf /root/.bash_history
  • sh -c history -c
Performs operations with the file system:
Creates or modifies files:
  • /etc/resolv.conf
Deletes files:
  • /tmp/*
  • /root/.bash_history
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 89.##.237.189:75
Sends data to the following servers:
  • 89.##.237.189:75
Receives data from the following servers:
  • 89.##.237.189:75
Other:
Collects CPU information

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number