
Linux.Susiribot


First posted on 24 April 2015.
Source: Symantec

Aliases :

There are no other names known for Linux.Susiribot.

Explanation :

Once executed, the Trojan creates the following files:
/tmp/susu1
/tmp/susu1.z
/tmp/susu2
/tmp/susu2.z
It may then modify the following file:
/etc/rc.conf
The Trojan may lower the PHP security level on the compromised computer.

The Trojan then opens a back door on the compromised computer and may connect to the following Internet Relay Chat (IRC) channel to receive commands:
#sususu
The Trojan may then perform the following actions on the compromised computer:
Scan for computers vulnerable to the Shellshock bug in order to spread
Download potentially malicious files
Perform denial-of-service attacks
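
The file indicators listed above can be turned into a host triage check. The script below is an added example, not part of the original write-up; the function names, the optional ROOT argument (for checking a mounted disk image rather than the live system) and the baseline reference file are assumptions made for illustration.

```shell
#!/bin/sh
# Added triage example for the Linux.Susiribot file indicators on this page.
# Paths come from the write-up; everything else here is illustrative.

SUSIRIBOT_FILES="/tmp/susu1 /tmp/susu1.z /tmp/susu2 /tmp/susu2.z"

# susiribot_find_files [ROOT]
# Prints one "FOUND <path>" line per indicator file present under ROOT
# (empty ROOT means the live filesystem).
# Exit status: 0 when no indicator is present, 1 when at least one is.
susiribot_find_files() {
    root="${1:-}"
    hits=0
    for rel in $SUSIRIBOT_FILES; do
        path="${root%/}$rel"
        # -e follows symlinks; -L also catches a dangling symlink
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf 'FOUND %s\n' "$path"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# susiribot_rcconf_changed ROOT REF
# Succeeds when ROOT/etc/rc.conf exists and was modified more recently
# than REF, a file whose mtime marks the last known-good state
# (hypothetical baseline marker). The write-up does not say what the
# Trojan changes in rc.conf, so a hit only means the file needs review.
susiribot_rcconf_changed() {
    root="${1:-}"
    ref="$2"
    rc="${root%/}/etc/rc.conf"
    [ -f "$rc" ] && [ -n "$(find "$rc" -newer "$ref" 2>/dev/null)" ]
}
```

Call `susiribot_find_files` with no argument on a live host, or with the mount point of an acquired image; an absent file does not rule out infection, since /tmp is often cleared at reboot.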

Last update 24 April 2015