Home / malware Linux.Susiribot
First posted on 24 April 2015.
Source: SymantecAliases :
There are no other names known for Linux.Susiribot.
Explanation :
Once executed the creates the following files:
/tmp/susu1/tmp/susu1.z/tmp/susu2/tmp/susu2.z
It may then modify the following file:
/etc/rc.conf
The Trojan may lower the PHP security level on the compromised computer.
The Trojan then opens a back door on the compromised computer and may connect to the following Internet Relay Chat (IRC) channel to receive commands:
#sususu
The Trojan may then perform the following actions on the compromised computer:
Scan for computers vulnerable to the Shellshock bug in order to spreadDownload potentially malicious filesPerform denial-of-service attacksLast update 24 April 2015
