PARA USUARIOS

Mi biblioteca

+ Añadir a la biblioteca

Buscar

Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Todas: -
No cerradas: -
Última: -

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

Entrar en el analizador

Peritaje de IIV

Biblioteca de virus

Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Mitos sobre los antivirus

Linux.BackDoor.Tsunami.1027

Added to the Dr.Web virus database: 2019-01-29

Virus description added: 2019-01-29

Technical Information

Malicious functions:

Removes itself

Substitutes application name for:

[procManager]

Network activity:

Establishes connection:

8.#.8.8:53

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

Connects to the following servers over the IRC protocol:

Server: 18#.#44.25.177; Command: NICK [SEIZE|x86_32]NFYKIH\nUSER vamp localhost localhost :kebs4head\n
Server: 18#.#44.25.177; Command: PONG :6229EC70\n
Server: 18#.#44.25.177; Command: MODE NFYKIH -xi\n
Server: 18#.#44.25.177; Command: JOIN ##flamebotnet :\n
Server: 18#.#44.25.177; Command: WHO NFYKIH\n

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number