Linux.Gafgyt


First posted on 03 October 2014.
Source: Symantec

Aliases :

There are no other names known for Linux.Gafgyt.

Explanation :

The Trojan searches for routers by reading the following file:
/proc/net/route
The Trojan attempts to brute-force the routers using commonly used usernames and passwords.
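
What /proc/net/route exposes to any process that reads it, and what an analyst can recover from a copy of the file collected during incident response, is shown in the following added example (not part of the Symantec write-up). The sample table is constructed, the function names are illustrative, and the byte order assumes a little-endian host.

```python
"""Decode a /proc/net/route table to show which router addresses it exposes."""
import socket
import struct

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # route goes through a gateway (router)

# Constructed sample in the /proc/net/route layout (not taken from a real host).
SAMPLE_ROUTE_TABLE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0
eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0
tun0\t0000000A\t0100000A\t0003\t0\t0\t50\t000000FF\t0\t0\t0
"""


def hex_to_ipv4(field):
    """Convert a hex address field to dotted quad.

    Assumption: the file came from a little-endian host (x86, most ARM),
    where the kernel prints the address bytes in reversed order.
    """
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))


def gateways(route_table_text):
    """Return (iface, destination/mask, gateway) for every active gateway route."""
    found = []
    for line in route_table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue  # malformed or truncated row
        iface, dest, gw, mask = cols[0], cols[1], cols[2], cols[7]
        flags = int(cols[3], 16)
        if flags & RTF_UP and flags & RTF_GATEWAY:
            network = f"{hex_to_ipv4(dest)}/{hex_to_ipv4(mask)}"
            found.append((iface, network, hex_to_ipv4(gw)))
    return found


if __name__ == "__main__":
    for iface, network, gw in gateways(SAMPLE_ROUTE_TABLE):
        print(f"{iface}: {network} via {gw}")
```

Every address returned here is a router reachable from the host, so these are the devices whose default credentials should be changed first.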

The Trojan may connect to one of the following servers:
162.253.66.76, port 53
89.238.150.154, port 5
108.162.197.26
The Trojan may accept the following commands from the remote server:
PING
GETLOCALIP
SCANNER
HOLD
JUNK
UDP
TCP
KILLATTK
LOLNOGTFO
The Trojan may steal system information from the following location and send it to a remote server:
/proc/cpuinfo

Last update 03 October 2014

 
