Linux.Moose


First posted on 29 May 2015.
Source: Symantec

Aliases :

There are no other names known for Linux.Moose.

Explanation :

Linux.Moose may spread to the compromised device through other Linux-based routers and embedded devices.

When the worm arrives on the compromised computer, it creates the following files:
elan2
elan3
The worm opens a back door on the compromised computer and connects to the following TCP port:
10073
The worm may download configuration files on the compromised device.

The worm may perform the following actions:
Scan for random nearby IP addresses and try to connect to Telnet service port 23
Brute force Telnet login prompts with weak usernames and passwords
Eavesdrop on the compromised network
Obtain an interactive shell of the victim
Look at the process list for competing botnets
Change DNS servers on a compromised network based on information in the downloaded configuration file
The worm may steal the following information from the compromised device:
CPU model size
CPU model
Processor size
Processor name
The worm may kill processes with the following strings:
--scrypt
stratum+tcp://
cmd.so
/Challenge
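
The indicators above (the file names elan2 and elan3, TCP port 10073, and reliance on an exposed Telnet service) can be checked against data pulled from a suspect device. The following is an added triage example, not Symantec's code: it parses the text of /proc/net/tcp and a list of process paths. The function names, the sample rows and the sample path are constructed, and it assumes port 10073 may appear on either end of the connection.

```python
import re

# Indicators taken from the write-up above.
MOOSE_PORT = 10073
MOOSE_FILES = {"elan2", "elan3"}
TELNET_PORT = 23
TCP_LISTEN = "0A"  # LISTEN state code in /proc/net/tcp

# One IPv4 socket row: "sl: local_hex:port remote_hex:port state ..."
ROW = re.compile(
    r"^\s*\d+:\s+[0-9A-F]{8}:([0-9A-F]{4})\s+[0-9A-F]{8}:([0-9A-F]{4})\s+([0-9A-F]{2})\s",
    re.I)

def parse_proc_net_tcp(text):
    """Yield (local_port, remote_port, state) for each IPv4 socket row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header line and malformed rows are skipped
            yield int(m.group(1), 16), int(m.group(2), 16), m.group(3).upper()

def triage(proc_net_tcp, process_paths):
    """Return human-readable findings for the Linux.Moose indicators."""
    findings = []
    for lport, rport, state in parse_proc_net_tcp(proc_net_tcp):
        if MOOSE_PORT in (lport, rport):
            findings.append(f"socket on TCP {MOOSE_PORT} "
                            f"(local={lport}, remote={rport}, state={state})")
        if lport == TELNET_PORT and state == TCP_LISTEN:
            findings.append("Telnet service listening on TCP 23")
    for path in process_paths:
        name = path.rsplit("/", 1)[-1]
        if name in MOOSE_FILES:
            findings.append(f"process or file named {name}: {path}")
    return findings

# Constructed sample data (not captured from a real infection).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 0A00A8C0:C350 0100A8C0:2759 01 00000000:00000000 00:00000000 00000000     0        0 1377 1
   2: 0A00A8C0:0050 0500A8C0:D2F0 01 00000000:00000000 00:00000000 00000000     0        0 1402 1
"""
SAMPLE_PROCS = ["/sbin/init", "/usr/sbin/telnetd", "/tmp/example/elan2"]

if __name__ == "__main__":
    for finding in triage(SAMPLE_TCP, SAMPLE_PROCS):
        print(finding)
```

A match on a file name or port alone is a lead for further investigation, not confirmation; IPv6 sockets in /proc/net/tcp6 use a longer address field and are not parsed here.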

Last update 29 May 2015
