Linux.Dofloo
First posted on 09 July 2015.
Source: Symantec
Aliases:
There are no other names known for Linux.Dofloo.
Explanation:
Once executed, the Trojan opens a back door on the compromised computer and connects to the following remote locations over UDP port 48080:
61.160.213.49
183.60.149.199
The Trojan modifies the following files so that it runs every time the compromised computer starts:
/etc/rc.local
/etc/rc.d/rc.local
/etc/init.d/boot.local
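A host triage check for the two indicators listed above (the UDP port 48080 peers and the three startup files), added here as an example and not part of the original write-up. The function names, the optional root prefix and the `ss -uan` column layout (peer address in column 5) are assumptions.

```shell
#!/bin/sh
# Added triage example; not from the original write-up.
# Indicators are the ones listed in the write-up above.
C2_HOSTS="61.160.213.49 183.60.149.199"
C2_PORT=48080
STARTUP_FILES="/etc/rc.local /etc/rc.d/rc.local /etc/init.d/boot.local"

# Print "file:lineno:text" for every active (non-blank, non-comment) line
# in the startup files so each entry can be reviewed by hand.
# $1 (assumption): optional root prefix, e.g. a mounted disk image,
# so the live system does not have to be trusted or touched.
startup_entries() {
    root="${1:-}"
    for f in $STARTUP_FILES; do
        [ -f "$root$f" ] || continue
        awk -v name="$f" \
            '!/^[ \t]*(#|$)/ { print name ":" NR ":" $0 }' "$root$f"
    done
}

# Read socket listings on stdin (assumed layout: `ss -uan`, peer in
# column 5) and print the lines whose peer is a listed host on the
# listed UDP port. Other ports on the same hosts are not matched.
c2_sockets() {
    awk -v hosts="$C2_HOSTS" -v port="$C2_PORT" '
        BEGIN {
            n = split(hosts, h, " ")
            for (i = 1; i <= n; i++) bad[h[i] ":" port] = 1
        }
        ($5 in bad) { print }'
}
```

After sourcing the file, run `startup_entries` (or `startup_entries /mnt/image`) and `ss -uan | c2_sockets`. The write-up does not say what the Trojan adds to the startup files, so every active line is listed for review rather than matched against a pattern.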
The Trojan may then perform the following actions:
Receive and execute commands from a remote attacker
End a program
Carry out a distributed denial-of-service (DDoS) attack
The Trojan may also send the following information to a remote location:
Computer memory information
CPU information
Network information
Last update 09 July 2015