Home / malware Linux.Turla
First posted on 12 December 2014.
Source: SymantecAliases :
There are no other names known for Linux.Turla.
Explanation :
Once executed, the Trojan opens a back door on the compromised computer and may connect to one of the following remote locations:
news-bbc.podzone.org82.146.175.43:1773
The Trojan may then download, execute, and then delete the following file:
/tmp/.xdfg
The Trojan may then perform the following actions:
Set the environment variable HOME to HOME=/tmpSync files on a remote hostUpload files from the compromised computerDownload filesLast update 12 December 2014