Home / malware Linux.Gafgyt
First posted on 03 October 2014.
Source: SymantecAliases :
There are no other names known for Linux.Gafgyt.
Explanation :
The Trojan searches for routers by reading the following file name:
/proc/net/route
The Trojan attempts to brute-force the routers using commonly used usernames and passwords.
The Trojan may connect to one of the following servers:
162.253.66.76, port 53 89.238.150.154, port 5 108.162.197.26
The Trojan may accept the following commands from the remote server:
PING GETLOCALIP SCANNER HOLD JUNK UDP TCP KILLATTK LOLNOGTFO
The Trojan may steal system information from the following location and send it to a remote server:
/proc/cpuinfoLast update 03 October 2014
