FOR CUSTOMERS

Close

My library

+ Add to library

24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

New ticket

Call us

+7 (495) 789-45-86

RU CN DE EN ES FR IT JP KZ UZ PL BY

Close

Support services

Scanners

Dr.Web vxCube

Trial

VCI investigations

Virus library

Knowledge base

Technologies

Terminology

Training and education

Myths

Myths about anti-viruses

News

Linux.Siggen.4032

Added to the Dr.Web virus database: 2021-07-04

Virus description added: 2021-07-04

Technical Information

Malicious functions:

Gets access to SSH keys

/root/.ssh/authorized_keys

Manages services:

systemctl restart ssh*

Launches processes:

mkdir -p /root/.ssh
apt-get install curl
/usr/bin/dpkg --print-foreign-architectures
/usr/lib/apt/methods/http

Kills the following processes:

/usr/lib/apt/methods/http

Performs operations with the file system:

Modifies file access rights:

/var/cache/apt/pkgcache.bin.oIoeNU

Creates folders:

/root/.ssh

Creates or modifies files:

/var/lib/dpkg/lock
/var/cache/apt/pkgcache.bin.oIoeNU
/var/cache/apt/archives/lock
/etc/ssh/sshd_config

Deletes files:

/var/cache/apt/pkgcache.bin

Other:

Collects RAM information

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number