
Linux.Worm.Slapper.B/C


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Linux.Worm.Slapper.B/C is also known as Linux.Slapper.Worm.

Explanation :

These are two variants of Linux.Worm.Slapper.A. They use the same exploit, and the changes are minor. The file names differ from those of the first variant, as specified in the Symptoms section. Another change is the port used by the backdoor component of the virus:
- 1978 - variant B
- 4156 - variant C

The B variant sends a notification e-mail to the address cinik_worm@yahoo.com with the IP and some other information about the infected host. Some comments in the virus source (.cinik.c) are written in Romanian. If the virus fails to download the source code to the victim, it will try to download it from a Romanian site.

The C variant contains another backdoor (.update.c and update), which connects on port 1052. The backdoor requires a password before it can be used. The virus also sends a notification to aion@ukr.net.
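The ports listed above can be checked on a Linux host by scanning the kernel's socket tables. The following is an added example, not part of the original write-up: it parses text in the `/proc/net/tcp` and `/proc/net/udp` format and flags sockets on ports 1978, 4156 and 1052. The write-up does not state the transport protocol, so checking both tables is an assumption, and the function name, labels and sample rows are constructed for illustration.

```python
"""Flag sockets on the Slapper.B/C ports in /proc/net/{tcp,udp}-format text."""

# Ports taken from the write-up; the labels are descriptive only.
SLAPPER_PORTS = {
    1978: "variant B backdoor",
    4156: "variant C backdoor",
    1052: "variant C second backdoor (.update.c)",
}
# Kernel socket states: 0A = TCP LISTEN, 07 = unconnected (bound) UDP socket.
BOUND_STATES = {"tcp": "0A", "udp": "07"}

# Constructed sample tables (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:041C 00000000:0000 0A 00000000:00000000 00:00000000 00000000    48        0 22222 1
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:07BA 00000000:0000 07 00000000:00000000 00:00000000 00000000    48        0 33333 2
"""


def find_slapper_sockets(proc_text, proto):
    """Return (proto, direction, port, label, inode) for each matching row."""
    hits = []
    for line in proc_text.splitlines()[1:]:       # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue                               # blank or truncated row
        lport = int(cols[1].rsplit(":", 1)[1], 16)  # ports are stored as hex
        rport = int(cols[2].rsplit(":", 1)[1], 16)
        state, inode = cols[3], cols[9]
        if lport in SLAPPER_PORTS and state == BOUND_STATES[proto]:
            hits.append((proto, "local", lport, SLAPPER_PORTS[lport], inode))
        elif rport in SLAPPER_PORTS:               # a lead only, not proof
            hits.append((proto, "remote", rport, SLAPPER_PORTS[rport], inode))
    return hits


if __name__ == "__main__":
    for proto, text in (("tcp", SAMPLE_TCP), ("udp", SAMPLE_UDP)):
        for hit in find_slapper_sockets(text, proto):
            print(hit)
```

On a live host, pass the contents of `/proc/net/tcp` and `/proc/net/udp` instead of the samples; the returned inode can be matched against `/proc/<pid>/fd` to find the owning process.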

In conclusion, judging from an analysis of the source code, these variants were modified by a 24-year-old Romanian (variant B) and a 21-year-old Ukrainian (variant C).

Last update 21 November 2011

 
