PARA USUARIOS

Mi biblioteca

+ Añadir a la biblioteca

Buscar

Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Todas: -
No cerradas: -
Última: -

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

Entrar en el analizador

Peritaje de IIV

Biblioteca de virus

Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Mitos sobre los antivirus

Linux.Siggen.3207

Added to the Dr.Web virus database: 2020-07-13

Virus description added: 2020-07-13

Technical Information

Malicious functions:

Removes itself

Launches itself as a daemon

Substitutes application name for:

GNU

Modifies firewall settings:

/sbin/iptables -A INPUT -p tcp --destination-port 23 -j DROP

Launches processes:

sh -c /sbin/iptables -A INPUT -p tcp --destination-port 23 -j DROP
sh -c mount -o bind /tmp /proc/547 > /dev/null
sh -c mount -o bind /tmp /proc/548 > /dev/null
sh -c mount -o bind /tmp /proc/551 > /dev/null
mount -o bind /tmp /proc/551
mount -o bind /tmp /proc/547
mount -o bind /tmp /proc/548
sh -c mount -o bind /tmp /proc/549 > /dev/null
mount -o bind /tmp /proc/549

Performs operations with the file system:

Mounts file systems:

/tmp

Network activity:

Awaits incoming connections on ports:

127.0.0.1:13219

Establishes connection:

8.#.8.8:53
14#.#1.13.37:81

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

Sends data to the following servers:

12#.##.61.249:23
17#.##9.27.95:23
79.###.108.123:23
50.##.193.70:23
24#.##6.82.228:23
93.##0.89.67:23
25#.##1.243.22:23
48.###.195.33:23
24#.##2.209.111:23
14#.#1.13.37:81

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number