Infection Channel: Dropped by other malware, Downloaded from the Internet
This malware targets systems running on Linux. It allows remote access of affected systems through the use of SSH (Secure Shell Protocol) and steals system login credentials. Users with affected systems may have their systems' security compromised.
To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive information.
File size: 481,200 bytes
File type: ELF
Memory resident: Yes
Initial samples received date: 25 Jan 2013
Payload: Compromises system security, Steals information
Arrival Details
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Backdoor Routine
This backdoor executes the following commands from a remote malicious user:
- Remote Access
- Steals Username/Password
It connects to the following websites to send and receive information:
- {BLOCKED}h.info
- {BLOCKED}pository.org
Information Theft
This backdoor gathers the following data:
- Hostname
- Ip Address
- Open Port
Connect with us on
| | | |