Backdoor:MacOS_X/Tsunami.A
First posted on 06 April 2012.
Source: Microsoft
Aliases :
Backdoor:MacOS_X/Tsunami.A is also known as Backdoor.OSX.Tsunami.S (VirusBuster), Trojan horse OSX/Agent.B (AVG), BDS/Katien.R (Avira), MAC.OSX.Backdoor.Tsunami.A (BitDefender), BackDoor.Ddoser.162 (Dr.Web), OSX/Tsunami.A trojan (ESET), Backdoor.OSX.Sunam (Ikarus), Backdoor.OSX.Sunam.b (Kaspersky), OSX/Tsunami (McAfee), OSX/Tsunami-A (Sophos), OSX.Tsunami (Sybari), OSX_TSUNAMI.A (Trend Micro).
Explanation :
Backdoor:MacOS_X/Tsunami.A is an IRC-controlled backdoor trojan capable of participating in and performing a distributed denial of service (DDoS) attack.
Payload
Once executed, Backdoor:MacOS_X/Tsunami.A attempts to establish a remote connection with any of the following IRC servers:
- pingu.anonops.li
- x.lisp.su
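The two server names above can serve as DNS indicators when checking whether a machine on the network has tried to reach them. The following is an added example, not part of the original write-up: it scans resolver logs for lookups of those hosts, matching on label boundaries so look-alike names are not flagged. The dnsmasq-style log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# IRC servers named in the write-up above.
C2_DOMAINS = {"pingu.anonops.li", "x.lisp.su"}

# dnsmasq-style query line (the log format is an assumption of this example).
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)


def normalize(name):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return name.strip().lower().rstrip(".")


def matches_c2(name):
    """True for a listed host or any name beneath it, on label boundaries only."""
    name = normalize(name)
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def find_c2_lookups(lines):
    """Map client address -> sorted list of listed names it tried to resolve."""
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if m and matches_c2(m.group("name")):
            hits[m.group("client")].add(normalize(m.group("name")))
    return {client: sorted(names) for client, names in hits.items()}


# Constructed sample log lines, not taken from a real incident.
SAMPLE_LOG = """\
Apr  6 10:00:01 dnsmasq[411]: query[A] www.apple.com from 192.168.1.20
Apr  6 10:00:07 dnsmasq[411]: query[A] pingu.anonops.li from 192.168.1.23
Apr  6 10:00:09 dnsmasq[411]: query[AAAA] X.LISP.SU. from 192.168.1.23
Apr  6 10:01:12 dnsmasq[411]: query[A] max.lisp.su from 192.168.1.31
Apr  6 10:02:30 dnsmasq[411]: query[A] x.lisp.su.example.net from 192.168.1.31
Apr  6 10:03:44 dnsmasq[411]: reply pingu.anonops.li is 203.0.113.5
""".splitlines()

if __name__ == "__main__":
    for client, names in find_c2_lookups(SAMPLE_LOG).items():
        print(f"{client} looked up {', '.join(names)}")
```

A client that appears in the result has asked the resolver for one of the listed names and is a candidate for closer inspection.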
Backdoor:MacOS_X/Tsunami.A allows a remote attacker to control the affected computer and perform commands that include, but may not be limited to, the following:
- Download files
- Execute shell and IRC commands
- Change IRC nickname and servers
- Perform PUSH/ACK, SYN, and UDP flood attacks
- Spoof IP addresses
- Display a HELP menu
Other information
Backdoor:MacOS_X/Tsunami.A is built from the open-source code of an IRC-based distributed denial of service client called 'kaiten', a modified version of 'Tsunami'. Different versions of this threat have previously been observed on the Windows and Linux platforms.
Analysis by Methusela Cebrian Ferrer
Last update 06 April 2012