OSX/Tsunami [Threat Name]

OSX/Tsunami.A [Threat Variant Name]

Category trojan
Size 38296 B
Detection created Oct 25, 2011
Signature database version 10250
Aliases OSX/Tsunami (McAfee)
  Backdoor:OSX/Tsunami.A (F-Secure)
  OSX/Tsunami-Gen (Sophos)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan creates the following file:

  • /System/Library/LaunchDaemons/com.apple.logind.plist

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan connects to the following addresses:

  • x.lisp.su

The IRC protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • perform DoS/DDoS attacks

The trojan contains the following text:

  • Kaiten wa goraku
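
The following is an added example, not part of the original description or of any vendor tooling: a Python check for the three indicators listed above (the LaunchDaemon file, the x.lisp.su address, and the embedded text). It assumes the plist uses the standard launchd Program/ProgramArguments keys; the function names and the sample log lines are constructed for illustration.

```python
import os
import plistlib
import re

# Indicators exactly as listed on this page.
PLIST_REL = "System/Library/LaunchDaemons/com.apple.logind.plist"
MARKER = b"Kaiten wa goraku"
# Match the listed host only: not ax.lisp.su, not x.lisp.su.example.net.
C2_RE = re.compile(r"(?<![\w.-])x\.lisp\.su(?!\.?[\w-])", re.IGNORECASE)


def check_launchdaemon(root="/"):
    """Return {'path', 'program'} if the persistence plist exists under root, else None."""
    path = os.path.join(root, PLIST_REL)
    if not os.path.isfile(path):
        return None
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:
        return {"path": path, "program": None}  # present but not parseable
    job = job if isinstance(job, dict) else {}
    # Assumption: standard launchd keys name the binary to collect for analysis.
    args = job.get("ProgramArguments") or []
    return {"path": path, "program": job.get("Program") or (args[0] if args else None)}


def file_has_marker(path, chunk=1 << 16):
    """Stream a file and report whether it contains the embedded text."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            if MARKER in tail + block:
                return True
            tail = block[-(len(MARKER) - 1):]  # keep overlap across chunk boundaries


def c2_log_hits(lines):
    """Return the DNS/proxy log lines that reference the listed address."""
    return [ln for ln in lines if C2_RE.search(ln)]


if __name__ == "__main__":
    sample_log = [  # constructed DNS log lines
        "10.0.0.5 query x.lisp.su. IN A",
        "10.0.0.7 query x.lisp.support IN A",
    ]
    print("launchdaemon:", check_launchdaemon())
    print("c2 lookups:", c2_log_hits(sample_log))
```

If check_launchdaemon reports a program path, run file_has_marker on that binary before collecting it for analysis.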
