JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.2053
Added to the Dr.Web virus database:
2019-08-04
Virus description added:
2019-08-04
Technical Information
Malicious functions:
Launches itself as a daemon
Launches processes:
sh -c cd /bin/; cat tftp > tftp-cpy; >tftp; cat <SAMPLE_FULL_PATH> > tftp
cat tftp
cat <SAMPLE_FULL_PATH>
sh -c cd /bin/; cat rm > rm-cpy; >rm; cat <SAMPLE_FULL_PATH> > rm
cat rm
sh -c cd /bin/; cat kill > kill-cpy; >kill; cat <SAMPLE_FULL_PATH> > kill
cat kill
sh -c cd /sbin/; cat tftp > tftp-cpy; >tftp; cat <SAMPLE_FULL_PATH> > tftp
sh -c cd /sbin/; cat rm > rm-cpy; >rm; cat <SAMPLE_FULL_PATH> > rm
sh -c cd /sbin/; cat kill > kill-cpy; >kill; cat <SAMPLE_FULL_PATH> > kill
Performs operations with the file system:
Creates or modifies files:
/tmp/.lmaopid
/var/.lmaopid
/dev/.lmaopid
/mnt/.lmaopid
/run/.lmaopid
/var/tmp/.lmaopid
/.lmaopid
/dev/shm/.lmaopid
/bin/.lmaopid
/etc/.lmaopid
/boot/.lmaopid
/usr/.lmaopid
/bin/tftp-cpy
/bin/tftp
/bin/rm-cpy
/bin/rm
/bin/kill-cpy
/bin/kill
/sbin/tftp-cpy
/sbin/tftp
/sbin/rm-cpy
/sbin/rm
/sbin/kill-cpy
/sbin/kill
Network activity:
Establishes connection:
80.###.109.98:10001
8.#.8.8:53
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK