JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.2075
Added to the Dr.Web virus database:
2019-08-14
Virus description added:
2019-08-14
Technical Information
Malicious functions:
Performs process tracing:
<SAMPLE>
<SAMPLE_FULL_PATH>
Launches processes:
/bin/sh <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
<SAMPLE_FULL_PATH>
/bin/sh <SAMPLE_FULL_PATH> -c
cp -f /usr/bin/chattr /usr/bin/lockr
cp -f /usr/bin/chattr /usr/bin/.locks
cp -f /usr/bin/.locks /usr/bin/lockr
chmod 777 /usr/bin/lockr
chmod 777 /usr/bin/.locks
lockr +i /usr/bin/lockr
lockr +i /usr/bin/.locks
lockr -i /usr/bin/dget
chmod 777 /usr/bin/dget
lockr +i /usr/bin/dget
lockr -i /usr/bin/pkill
chmod 777 /usr/bin/pkill
lockr +i /usr/bin/pkill
lockr -i /usr/bin/nohup
chmod 777 /usr/bin/nohup
lockr +i /usr/bin/nohup
lockr -i /usr/bin/killall
chmod 777 /usr/bin/killall
lockr +i /usr/bin/killall
lockr -i /usr/bin/nslookup
chmod 777 /usr/bin/nslookup
lockr +i /usr/bin/nslookup
ifconfig
grep inet
grep -v 127.0
xargs
awk -F [ :] {print $3}
grep 192.168
/bin/echo inet addr:192.168.214.50 Bcast:192.168.214.255 Mask:255.255.255.0
Kills the following processes:
<SAMPLE>
<SAMPLE_FULL_PATH>
Performs operations with the file system:
Modifies file access rights:
/usr/bin/lockr
/usr/bin/.locks
/usr/bin/dget
/usr/bin/pgrep
/usr/bin/nohup
/usr/bin/killall
/usr/bin/nslookup
Creates or modifies files:
/usr/bin/lockr
/usr/bin/.locks
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK