Linux.Spalooki


First posted on 04 November 2015.
Source: Symantec

Aliases :

There are no other names known for Linux.Spalooki.

Explanation :

When the Trojan is executed, it checks for the following environment variable, which contains the location of the threat's command-and-control server:

XDVSN_SESSION_COOKIE

This environment variable may have been manually created by the attacker after initially compromising the computer.
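
A defender can look for this indicator by reading each process's start-up environment from /proc on a suspect host. The following is an added example, not part of the original Symantec write-up; the function names are hypothetical and only the variable name comes from the description above.

```python
import os

# Environment variable name taken from the write-up above.
IOC_ENV_VAR = "XDVSN_SESSION_COOKIE"


def parse_environ(blob):
    """Parse a NUL-separated /proc/<pid>/environ block into a dict."""
    env = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if key and sep:  # skip empty entries and entries without '='
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def scan_proc(proc_root="/proc", var=IOC_ENV_VAR):
    """Return one record per process whose start-up environment defines var."""
    hits = []
    try:
        names = os.listdir(proc_root)
    except OSError:
        return hits
    for name in names:
        if not name.isdigit():  # only numeric entries are processes
            continue
        base = os.path.join(proc_root, name)
        try:
            with open(os.path.join(base, "environ"), "rb") as fh:
                env = parse_environ(fh.read())
        except OSError:
            continue  # process exited, or we lack permission to read it
        if var not in env:
            continue
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = "unknown"
        hits.append({"pid": int(name), "exe": exe, "value": env[var]})
    return sorted(hits, key=lambda hit: hit["pid"])


if __name__ == "__main__":
    # Run as root so that other users' processes are readable.
    for hit in scan_proc():
        print("pid={pid} exe={exe} {0}={value}".format(IOC_ENV_VAR, **hit))
```

/proc/<pid>/environ reflects the environment a process was started with, so a hit identifies both the process and the server location stored in the variable; an empty result does not rule out a process that has already exited.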

The Trojan then connects to one of the following remote locations to obtain email addresses and email body content:

nl.art-partner.net
[http://]accs.art-partner.net[REMOVED]
[http://]bat.art-partner.net/aa2[REMOVED]
[http://]stats.query-part.com/gj7[REMOVED]

The Trojan may then use these addresses and body content to send spam emails from the compromised computer.

Last update 04 November 2015
