SecurityHome.eu Worm.Perl.SHS.{A-B}

Home / malware PDF

Worm.Perl.SHS.{A-B}

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Worm.Perl.SHS.{A-B} is also known as Net-Worm.Perl.Santy.d, (KAV.
Explanation :
The virus is a Perl script, supposedly developed from the Worm.PhpBB.Santy.A source code.

It uses a vulnerability in the PHPBB forum code to propagate itself. The list of sites is obtained from Google search and Yahoo Cade search (version A) or Yahoo Cade and AOL Search (version B).

After finding a suitable target, the virus then exploits the PHPBB code and if the PHPBB code is vulnerable, the exploit will perform several commands:

- kills all perl and wget processes.
- downloads the worm and a perl scripted backdoor (Backdoor.Perl.Shellcode.B) to the /tmp directory
- starts the worm and the backdoor
- deletes all ssh.* and bot* files in the tmp directory
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20