Protege lo creado

Otros recursos

  • — utilidades gratuitas, complementos, informadores
  • — un servicio en Internet para los proveedores de servicios Dr.Web AV-Desk
  • — utilidad de desinfección de red Dr.Web CureNet!

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Soporte 24 horas | Normas de contactar

Sus solicitudes



Added to the Dr.Web virus database: 2015-07-16

Virus description added:


  • 04c467b82ee5f06ed6987849e7b32a15c087b9c3 (unpacked)
  • 4ef259d95dc0b1bc52edb79aff661876b4f4be84 (packed)

A Trojan designed to infect routers running Linux. It serves the only purpose—to brute-force router access passwords. If the hacking attempt is successful, the Trojan uploads a malicious script that, in turn, downloads and installs backdoors based on the router architecture (ARM, MIPS, or PowerPC).

Once launched, the Trojan receives operating parameters that determine the attack type and the range of IP addresses to scan. The following User-Agent value is used for the attack:


The malicious program can carry out the following attacks:

  • Attack on Linksys routers exploiting a vulnerability in HNAP (Home Network Administration Protocol)
  • Attack on Linksys routers exploiting the CVE-2013-2678 vulnerability
  • Attack exploiting the ShellShock vulnerability (CVE-2014-6271)
  • Attack exploiting a vulnerability in the Fritz!Box routers' subsystem of remote command call

Files uploaded by malicious scripts to the infected device are detected by Dr.Web as Linux.BackDoor.Tsunami.133 and Linux.BackDoor.Tsunami.144.

Curing recommendations


After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

Desarrollador ruso de antivirus Dr.Web
Experiencia de desarrollo a partir del año 1992
Dr.Web se usa en más de 200 países del mundo
Entrega de antivirus como servicio a partir del año 2007
Soporte 24 horas

Dr.Web © Doctor Web
2003 — 2020

Doctor Web es un productor ruso de los medios antivirus de protección de la información bajo la marca Dr.Web. Los productos Dr. Web se desarrollan a partir del año 1992.

125040, Rusia, Moscú, c/3 Yamskogo Polya, 2, edif.12А