JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.3185
Added to the Dr.Web virus database:
2020-07-02
Virus description added:
2020-07-01
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
/etc/init.d/anacroni
/etc/init.d/.depend.boot
/etc/init.d/.depend.start
/etc/init.d/.depend.stop
Creates or modifies the following symlinks:
/etc/rc0.d/K02exim4
/etc/rc0.d/K08umountfs
/etc/rc0.d/K05umountnfs.sh
/etc/rc0.d/K03sendsigs
/etc/rc0.d/K04rsyslog
/etc/rc0.d/K07networking
/etc/rc0.d/K07hwclock.sh
/etc/rc0.d/K06rpcbind
/etc/rc0.d/K10halt
/etc/rc0.d/K09umountroot
/etc/rc0.d/K06nfs-common
/etc/rc0.d/K01anacroni
/etc/rc1.d/K02exim4
/etc/rc1.d/K04rsyslog
/etc/rc1.d/K06rpcbind
/etc/rc1.d/K06nfs-common
/etc/rc1.d/K01anacroni
/etc/rc2.d/S02anacroni
/etc/rc3.d/S02anacroni
/etc/rc4.d/S02anacroni
/etc/rc5.d/S02anacroni
/etc/rc6.d/K02exim4
/etc/rc6.d/K08umountfs
/etc/rc6.d/K05umountnfs.sh
/etc/rc6.d/K03sendsigs
/etc/rc6.d/K04rsyslog
/etc/rc6.d/K07networking
/etc/rc6.d/K07hwclock.sh
/etc/rc6.d/K06rpcbind
/etc/rc6.d/K09umountroot
/etc/rc6.d/K10reboot
/etc/rc6.d/K06nfs-common
/etc/rc6.d/K01anacroni
Malicious functions:
Launches itself as a daemon
Manages services:
update-rc.d anacroni defaults 95
systemctl daemon-reload
service anacroni start
Launches processes:
sh -c cp -f <SAMPLE_FULL_PATH> /bin/anacroni
cp -f <SAMPLE_FULL_PATH> /bin/anacroni
sh -c touch -r /bin/sh /etc/init.d/anacroni
touch -r /bin/sh /etc/init.d/anacroni
sh -c chmod 777 /etc/init.d/anacroni
chmod 777 /etc/init.d/anacroni
sh -c chkconfig --add anacroni
sh -c chkconfig anacroni on
sh -c update-rc.d anacroni defaults 95
/sbin/insserv anacroni
sh -c service anacroni start
Performs operations with the file system:
Modifies file access rights:
Creates or modifies files:
Deletes files:
/etc/rc0.d/K01exim4
/etc/rc0.d/K07umountfs
/etc/rc0.d/K04umountnfs.sh
/etc/rc0.d/K02sendsigs
/etc/rc0.d/K03rsyslog
/etc/rc0.d/K06networking
/etc/rc0.d/K06hwclock.sh
/etc/rc0.d/K05rpcbind
/etc/rc0.d/K09halt
/etc/rc0.d/K08umountroot
/etc/rc0.d/K05nfs-common
/etc/rc1.d/K01exim4
/etc/rc1.d/K03rsyslog
/etc/rc1.d/K05rpcbind
/etc/rc1.d/K05nfs-common
/etc/rc6.d/K01exim4
/etc/rc6.d/K07umountfs
/etc/rc6.d/K04umountnfs.sh
/etc/rc6.d/K02sendsigs
/etc/rc6.d/K03rsyslog
/etc/rc6.d/K06networking
/etc/rc6.d/K06hwclock.sh
/etc/rc6.d/K05rpcbind
/etc/rc6.d/K08umountroot
/etc/rc6.d/K09reboot
/etc/rc6.d/K05nfs-common
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK