Linux.Raubdo
First posted on 22 October 2015.
Source: Symantec
Aliases:
There are no other names known for Linux.Raubdo.
Explanation:
The worm propagates by generating random IP addresses and attempting to log in to servers at these locations using a list of Secure Shell (SSH) credentials.
If the worm successfully logs in, it copies itself into the following folder: /tmp/.xs
Next, the worm connects to the following websites, searches for pseudo-random terms, and looks for command-and-control instructions in the returned results: twitter.com, reddit.com, my.mail.ru
These instructions may allow the worm to upload, download, and execute files.
The worm also opens a back door on the following TCP ports, allowing a remote attacker to access the compromised computer: 9000, 1337
Last update 22 October 2015
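A host triage check for the indicators described above, as an added example that is not part of the original write-up: it parses the kernel's /proc/net/tcp table for sockets listening on TCP ports 9000 and 1337 and reports whether /tmp/.xs exists. The function names and the sample socket table are constructed for illustration.

```python
import os

# Indicators taken from the description above.
BACKDOOR_PORTS = {9000, 1337}
DROP_PATH = "/tmp/.xs"
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp


def listening_ports(proc_net_tcp_text):
    """Return the local TCP ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # short row, or a socket that is not listening
        # local_address is HEXADDR:HEXPORT; the port is plain hexadecimal
        hex_port = fields[1].rpartition(":")[2]
        try:
            ports.add(int(hex_port, 16))
        except ValueError:
            continue  # malformed row
    return ports


def raubdo_indicators(proc_net_tcp_text, drop_path_exists):
    """List which of the documented indicators are present on the host."""
    findings = []
    if drop_path_exists:
        findings.append(f"path present: {DROP_PATH}")
    for port in sorted(listening_ports(proc_net_tcp_text) & BACKDOOR_PORTS):
        findings.append(f"TCP listener on port {port}")
    return findings


# Constructed sample: sshd listening on 22, a listener on 9000, and an
# ESTABLISHED connection whose local port is 1337 (not a listener).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:2328 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0539 0100007F:D431 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    text = SAMPLE
    if os.path.exists("/proc/net/tcp"):  # use the live table on a Linux host
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    for finding in raubdo_indicators(text, os.path.lexists(DROP_PATH)):
        print(finding)
```

Port 9000 is also used by legitimate services, so a listener there is a lead to follow up by identifying the owning process, not a verdict on its own.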