
Linux.Shelldos.A


First posted on 23 June 2015.
Source: Symantec

Aliases:

There are no other names known for Linux.Shelldos.A.

Explanation:

If the Trojan is executed without privileges, it creates the following files:
/tmp/.chinaz[RANDOM NUMBER BETWEEN ZERO AND NINE]10
~/ConfigDatecz/[THREAT FILE NAME]

If the program is executed as root, it creates the following file:
/etc/init.d/.chinaz[RANDOM NUMBER BETWEEN ZERO AND NINE]10

Next, the Trojan deletes the following file:
/etc/resolv.conf

The Trojan connects to the following remote location through the domain name system (DNS):
www.avttx.cn (121.42.159.37)

The Trojan then connects to this remote location through port 60000.

Next, the Trojan performs the following actions:
Blocks outgoing TCP connections based on iptables rules
Carries out denial-of-service (DoS) attacks
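The indicators above (dropped-file names, the removed /etc/resolv.conf, the C2 domain and IP:port, and outbound TCP blocking via iptables) can be turned into a host triage check. The script below is an added example written for this page, not Symantec's own tooling: it runs the checks over a constructed file listing, constructed syslog-style lines and constructed `iptables -S` output embedded inline, so it runs offline. On a live host you would feed it the output of `find / -xdev`, the relevant logs, and `iptables -S`.

```python
import re
from pathlib import PurePosixPath

# Dropped-file name from the write-up: ".chinaz" + one digit (0-9) + "10".
SHELLDOS_NAME_RE = re.compile(r"^\.chinaz[0-9]10$")

# Drop directories named in the write-up (unprivileged run / root run).
DROP_DIRS = ("/tmp", "/etc/init.d")
# Per-user directory named in the write-up (the dropped file name is unknown).
USER_DROP_DIR = "ConfigDatecz"

# Network indicators from the write-up.
C2_DOMAIN = "www.avttx.cn"
C2_IP = "121.42.159.37"
C2_PORT = 60000

# Outbound TCP rules that drop/reject traffic, as printed by `iptables -S`.
OUTPUT_TCP_BLOCK_RE = re.compile(r"^-A OUTPUT\b.*\s-p tcp\b.*\s-j (DROP|REJECT)\b")


def find_dropped_files(paths):
    """Return paths matching the file indicators (known drop dir + name, or ConfigDatecz dir)."""
    hits = []
    for p in paths:
        pp = PurePosixPath(p)
        in_drop_dir = str(pp.parent) in DROP_DIRS and SHELLDOS_NAME_RE.match(pp.name)
        in_user_dir = USER_DROP_DIR in pp.parts[:-1]
        if in_drop_dir or in_user_dir:
            hits.append(p)
    return hits


def resolv_conf_missing(paths):
    """The Trojan deletes /etc/resolv.conf; True if it is absent from the listing."""
    return "/etc/resolv.conf" not in set(paths)


def find_network_indicators(log_lines):
    """Flag lines naming the C2 domain, or the C2 IP together with port 60000."""
    port_re = re.compile(rf"\b{C2_PORT}\b")
    hits = []
    for line in log_lines:
        if C2_DOMAIN in line:
            hits.append(("dns", line))
        elif C2_IP in line and port_re.search(line):
            hits.append(("tcp", line))
    return hits


def find_output_tcp_blocks(iptables_lines):
    """Return OUTPUT-chain rules that drop or reject TCP (a symptom, not proof by itself)."""
    return [l for l in iptables_lines if OUTPUT_TCP_BLOCK_RE.match(l)]


# --- constructed sample input (not captured from a real host) ---
SAMPLE_FILE_LISTING = [
    "/etc/hostname",
    "/tmp/.chinaz710",
    "/tmp/.chinaz7100",            # extra digit: does not match the pattern
    "/etc/init.d/.chinaz310",
    "/etc/init.d/ssh",
    "/home/user/ConfigDatecz/update",
]
SAMPLE_LOG_LINES = [
    "Jun 23 10:01:02 host named[123]: client 10.0.0.5#5353: query: www.avttx.cn IN A",
    "Jun 23 10:01:03 host kernel: OUT=eth0 SRC=10.0.0.5 DST=121.42.159.37 PROTO=TCP DPT=60000",
    "Jun 23 10:01:04 host kernel: OUT=eth0 SRC=10.0.0.5 DST=93.184.216.34 PROTO=TCP DPT=443",
]
SAMPLE_IPTABLES = [
    "-P INPUT ACCEPT",
    "-P OUTPUT ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A OUTPUT -p tcp -m tcp --dport 80 -j DROP",
]


def assess(paths, log_lines, iptables_lines):
    """Bundle all checks into one triage result."""
    return {
        "dropped_files": find_dropped_files(paths),
        "resolv_conf_missing": resolv_conf_missing(paths),
        "network": find_network_indicators(log_lines),
        "output_tcp_blocks": find_output_tcp_blocks(iptables_lines),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_FILE_LISTING, SAMPLE_LOG_LINES, SAMPLE_IPTABLES).items():
        print(f"{key}: {value}")
```

The file-name regex is deliberately anchored so that look-alike names with extra characters are not reported; the iptables check only surfaces candidate rules, since legitimate egress filtering produces the same output and must be compared against the host's known baseline.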

Last update 23 June 2015
