SecurityHome.eu Linux.Shelldos.A

Home / malware PDF

Linux.Shelldos.A

First posted on 23 June 2015.
Source: Symantec
Aliases :
There are no other names known for Linux.Shelldos.A.
Explanation :
If the Trojan is executed without privileges, it creates the following files: /tmp/.chinaz[RANDOM NUMBER BETWEEN ZERO AND NINE]10~/ConfigDatecz/[THREAT FILE NAME]
If the program is executed as root, it creates the following file: /etc/init.d/.chinaz[RANDOM NUMBER BETWEEN ZERO AND NINE]10
Next, the Trojan deletes the following file: /etc/resolv.conf
The Trojan connects to the following remote location through domain name system (DNS): www.avttx.cn (121.42.159.37)
The Trojan then connects to this remote location through port 60000.

Next, the Trojan performs the following actions: Block outgoing TCP connections based on iptables rulesCarry out denial-of-service (DoS) attacks
Last update 23 June 2015

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Linux.Shelldos.A