Linux.Kaiten.B
First posted on 21 October 2015.
Source: Symantec
Aliases:
There are no other names known for Linux.Kaiten.B.
Explanation:
If the Trojan has the appropriate privileges (usually root privileges) on the computer, then it installs itself by modifying one of the following files:
- /etc/rc.d/rc.local
- /etc/rc.conf
The modified file is executed once the computer starts.
Next, the Trojan connects to the following remote location as an IRC client: 173.242.117.89:443
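A triage check for the two indicators described above, the modified startup files and the IRC connection, added here as an example that is not part of the original write-up. It assumes a known-good copy of each startup file is available for comparison; the function names, the baseline paths and the sample data in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added triage sketch; sample data in demo() is constructed, not captured.
C2_ENDPOINT="173.242.117.89:443"     # IRC server named in the write-up

# Print active lines of startup file $2 that are absent from known-good copy $1.
# Comments and blank lines are ignored; output is "<line number>: <text>".
# A missing baseline means every active line is reported.
new_startup_lines() {
    awk -v base="$1" '
        BEGIN { while ((getline l < base) > 0) seen[l] = 1 }
        /^[ \t]*(#|$)/ { next }
        !($0 in seen) { printf "%d: %s\n", NR, $0 }' "$2"
}

# Read `ss -tn` or `netstat -tn` output on stdin and print every socket
# whose peer address is exactly the C2 endpoint.
c2_sockets() {
    awk -v ep="$C2_ENDPOINT" '{ for (i = 1; i <= NF; i++) if ($i == ep) { print; next } }'
}

# Constructed demonstration: a baseline rc.local, a copy with one extra line
# (hypothetical path), and two made-up `ss -tn` rows.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\ntouch /var/lock/subsys/local\n' > "$d/rc.local.good"
    printf '#!/bin/sh\ntouch /var/lock/subsys/local\n/tmp/.example-dropper &\n' > "$d/rc.local"
    new_startup_lines "$d/rc.local.good" "$d/rc.local"
    printf '%s\n' \
        'ESTAB 0 0 10.0.0.5:22    10.0.0.9:51514' \
        'ESTAB 0 0 10.0.0.5:40122 173.242.117.89:443' | c2_sockets
    rm -rf "$d"
}

# Live use (as root; baseline paths are assumptions):
#   new_startup_lines /root/baseline/rc.local /etc/rc.d/rc.local
#   new_startup_lines /root/baseline/rc.conf  /etc/rc.conf
#   ss -tn | c2_sockets
if [ "${1:-}" = "demo" ]; then demo; fi
```

Any line reported by new_startup_lines still needs manual review, since legitimate administrative changes also show up as differences from the baseline.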
The Trojan then joins a predetermined IRC channel to allow it to receive commands. These commands may let the Trojan perform the following actions:
- Change client's nickname
- Spoof IP address
- Launch distributed denial-of-service (DDoS) through UDP
- Close client application

Last update 21 October 2015