JavaScript support is required for our site to be fully operational in your browser.
Linux.BackDoor.Fgt.2016
Added to the Dr.Web virus database:
2019-02-19
Virus description added:
2019-02-19
Technical Information
Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
Launches processes:
sh -c grep -c ^processor /proc/cpuinfo
grep -c ^processor /proc/cpuinfo
sh -c free -mt|grep \"Total:\"|awk '{print $2}'|head -n1
grep Total:
free -mt
head -n1
awk {print $2}
sh -c if [ -f /usr/bin/yum ]; then cat /etc/system-release|head -n1; elif [ -f /usr/bin/apt-get ]; then lsb_release -d|awk '{$1= \"\"; print $0}'|head -n1;fi
awk {$1= \"\"; print $0}
lsb_release -d
sh -c if [ -f /usr/bin/yum ]; then printf \"Centos/Rhel Based\"; elif [ -f /usr/bin/apt-get ]; then printf \"Debian/Ubuntu Based\";fi
sh -c rm -rf /tmp/* /var/tmp/* /tmp/.* /var/tmp/.*
rm -rf /tmp/* /var/tmp/* /tmp/. /tmp/.. /tmp/.ICE-unix /tmp/.Test-unix /tmp/.X11-unix /tmp/.XIM-unix /tmp/.font-unix /var/tmp/. /var/tmp/..
sh -c rm -rf /var/log/wtmp
rm -rf /var/log/wtmp
sh -c rm -rf /bin/netstat
rm -rf /bin/netstat
sh -c iptables -F
Performs operations with the file system:
Creates or modifies files:
Deletes files:
/tmp/*
/var/tmp/*
/var/log/wtmp
/bin/netstat
Network activity:
Establishes connection:
8.#.8.8:53
31.###.157.206:17769
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
Other:
Collects CPU information
Collects RAM information
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK