
Linux.Kaiten.B


First posted on 21 October 2015.
Source: Symantec

Aliases:

There are no other names known for Linux.Kaiten.B.

Explanation:

If the Trojan has the appropriate privileges (usually root privileges) on the computer, then it installs itself by modifying one of the following files:
- /etc/rc.d/rc.local
- /etc/rc.conf

The modified file is executed once the computer starts.

Next, the Trojan connects to the following remote location as an IRC client: 173.242.117.89:443

The Trojan then joins a predetermined IRC channel to allow it to receive commands. These commands may let the Trojan perform the following actions:
- Change client's nickname
- Spoof IP address
- Launch distributed denial-of-service (DDoS) through UDP
- Close client application
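
The two indicators above (a modified startup file and a connection to the IRC endpoint) can be checked on a host as in the following added example, which is not part of the Symantec write-up. The function names, the `ss -tnp` style input format and all sample data are assumptions constructed for illustration.

```python
# Added triage example. The endpoint comes from the write-up; function names
# and all sample data below are constructed for illustration.
C2_ENDPOINT = ("173.242.117.89", 443)


def find_c2_connections(ss_output):
    """Return (local, peer, process) for sockets whose peer is the C2 endpoint.

    Assumes `ss -tnp` style rows: State Recv-Q Send-Q Local Peer [Process].
    """
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # blank line or header row
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]")
        if host.lower().startswith("::ffff:"):
            host = host[7:]  # IPv4-mapped form shown for dual-stack sockets
        if port.isdigit() and (host, int(port)) == C2_ENDPOINT:
            hits.append((fields[3], fields[4], " ".join(fields[5:])))
    return hits


def added_startup_lines(baseline_text, current_text):
    """Return non-comment lines that are absent from a known-good copy of
    /etc/rc.d/rc.local or /etc/rc.conf (the files named in the write-up)."""
    known = {line.strip() for line in baseline_text.splitlines()}
    added = []
    for line in current_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and line not in known:
            added.append(line)
    return added


# Constructed sample input (not captured from a real host).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:22 10.0.0.9:51514 users:(("sshd",pid=812,fd=4))
ESTAB 0 0 10.0.0.5:40112 173.242.117.89:443 users:(("a.out",pid=1337,fd=3))
ESTAB 0 0 [::ffff:10.0.0.5]:40200 [::ffff:173.242.117.89]:443
"""
BASELINE_RC = "#!/bin/sh\ntouch /var/lock/subsys/local\n"
CURRENT_RC = BASELINE_RC + "/path/to/UNEXPECTED-ENTRY &\n"  # placeholder line

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_SS):
        print("C2 connection:", hit)
    print("New startup lines:", added_startup_lines(BASELINE_RC, CURRENT_RC))
```

The write-up does not state which line the Trojan adds to the startup file, so the comparison reports every line that is missing from the known-good copy and leaves the judgement to the analyst.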

Last update 21 October 2015

 
