Linux.Pinscan
First posted on 13 August 2015.
Source: Symantec
Aliases:
There are no other names known for Linux.Pinscan.
Explanation:
The Trojan targets routers running Linux and can be deployed on the following architectures:
ARM
MIPS
x86
When the Trojan arrives on a compromised network, it scans the network for routers.
The Trojan may try to gain access to routers using the following methods:
Brute forcing common passwords
Exploiting vulnerabilities to inject code
The Trojan may connect to one of the following locations:
The Trojan may download malware, including Linux.Kaiten, onto the compromised router.
Last update 13 August 2015