Linux.Sshscan
First posted on 29 December 2015.
Source: Symantec
Aliases:
There are no other names known for Linux.Sshscan.
Explanation:
When the Trojan is executed, it connects to the following remote locations:
[http://]testzzzzzz.10g.me/sshv-servi[REMOVED]
[http://]testzzzzzz.10g.me/sshv-servi[REMOVED]
[http://]testzzzzzz.10g.me/sshv-ser[REMOVED]
The Trojan then downloads the following files from these locations:
[PATH TO MALWARE]/sshv-service-wordlist
[PATH TO MALWARE]/sshv-service-shell.sh
[PATH TO MALWARE]/sshv-service-rule
Next, the Trojan connects to an IP address specified in [PATH TO MALWARE]/sshv-service-rule.
The Trojan may then attempt to crack Secure Shell (SSH) login details for the root user using passwords stored in [PATH TO MALWARE]/sshv-service-wordlist.
If the Trojan successfully logs in, it may create a script to allow it to spread itself. It also sends a report to the following remote location:
[http://]testzzzzzz.10g.me/sshv[REMOVED]
Last update 29 December 2015
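A host sweep for the three downloaded file names listed above, as an added example that is not part of the original write-up or any vendor tooling. It assumes the files sit together in one directory (the write-up's [PATH TO MALWARE]); the function names and the "high"/"review" labels are this example's own.

```python
import os
import sys

# File names the write-up lists as downloaded into [PATH TO MALWARE].
ARTIFACTS = frozenset({
    "sshv-service-wordlist",
    "sshv-service-shell.sh",
    "sshv-service-rule",
})


def sweep(root):
    """Walk `root`; return ({dir: set of artefact names}, [unreadable dirs])."""
    hits = {}
    unreadable = []
    # onerror records directories that could not be listed, so gaps in
    # coverage (for example when not running as root) stay visible.
    walker = os.walk(root, followlinks=False,
                     onerror=lambda err: unreadable.append(err.filename))
    for dirpath, _dirs, files in walker:
        found = ARTIFACTS.intersection(files)  # exact name match only
        if found:
            hits[dirpath] = found
    return hits, unreadable


def triage(hits):
    """Order findings so directories holding more of the set come first.

    Assumption of this example: all three names in one directory is a strong
    signal; a partial match only warrants manual review.
    """
    rows = []
    for path, names in hits.items():
        level = "high" if names == ARTIFACTS else "review"
        rows.append((level, path, sorted(names)))
    rows.sort(key=lambda r: (-len(r[2]), r[1]))
    return rows


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    hits, unreadable = sweep(root)
    for level, path, names in triage(hits):
        print(f"[{level}] {path}: {', '.join(names)}")
    for path in unreadable:
        print(f"[skipped] {path}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

The exit status is 1 when any listed name is found, so the script can be run from a scheduled job or fleet management tool and alerted on.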