FOR CUSTOMERS

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Support services

Dr.Web vxCube

Sign in to Dr.Web vxCube

VCI investigations

Virus library

Knowledge base

Technologies

Terminology

Training and education

Myths

Myths about anti-viruses

Linux.BackDoor.Fgt.1980

Added to the Dr.Web virus database: 2019-02-14

Virus description added: 2019-02-14

Technical Information

Malicious functions:

Launches itself as a daemon

Modifies firewall settings:

iptables -F

Manages services:

service iptables stop

Launches processes:

sh -c rm -rf /tmp/* /var/tmp/* /tmp/.* /var/tmp/.*
rm -rf /tmp/* /var/tmp/* /tmp/. /tmp/.. /tmp/.ICE-unix /tmp/.Test-unix /tmp/.X11-unix /tmp/.XIM-unix /tmp/.font-unix /var/tmp/. /var/tmp/..
sh -c rm -rf /var/log/wtmp
rm -rf /var/log/wtmp
sh -c rm -rf /bin/netstat
rm -rf /bin/netstat
sh -c iptables -F
sh -c pkill -9 perl
pkill -9 perl
sh -c pkill -9 python
pkill -9 python
sh -c service iptables stop

Performs operations with the file system:

Creates or modifies files:

/etc/resolv.conf

Deletes files:

/tmp/*
/var/tmp/*
/var/log/wtmp
/bin/netstat

Network activity:

Establishes connection:

8.#.8.8:53
46.##.165.131:17769

Sends data to the following servers:

46.##.165.131:17769

Other:

Collects CPU information

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number