Linux/Tsunami [Threat Name]

Linux/Tsunami.NGJ [Threat Variant Name]

Category: trojan
Size: 31816 B
Detection created: Jul 26, 2014
Detection database version: 10158
Aliases:

  • HEUR:Backdoor.Linux.Tsunami.bh (Kaspersky)
  • Backdoor:Linux/Tsunami.gen!A (Microsoft)
  • Linux/Tsunami.A (AVG)

Short description

Linux/Tsunami.NGJ serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


The trojan attempts to modify the following files:

  • /etc/rc.local
  • /etc/rc.d/rc.local

Other information

The trojan receives data and instructions for further action from the Internet or another remote computer within its own network (botnet).


The trojan contains a list of 4 URLs. The IRC and HTTP protocols are used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • execute shell commands
  • perform DoS/DDoS attacks

The trojan can rename its process to one of the following names:

  • /usr/bin/apt-cache

It contains the following strings:

  • Kaiten wa goraku
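
A host triage check built from the two indicators above (the disguised process name and the embedded string), added here as an example and not taken from the vendor's description. The function names, the finding labels and the 1 MiB read limit are assumptions of this example.

```python
import os

# Indicators quoted from the description above.
FAKE_NAME = "/usr/bin/apt-cache"
MARKER = b"Kaiten wa goraku"
READ_LIMIT = 1 << 20  # assumption: 1 MiB is ample for a 31816 B sample

def assess(argv0, exe_path, exe_bytes):
    """Return findings for one process.

    argv0     -- first field of /proc/<pid>/cmdline, decoded
    exe_path  -- target of the /proc/<pid>/exe link, or None if unreadable
    exe_bytes -- leading bytes of the executable, b"" if unreadable
    """
    findings = []
    # A process may set argv[0] freely, but the exe link comes from the kernel.
    if argv0 == FAKE_NAME and exe_path is not None and exe_path != FAKE_NAME:
        findings.append("name-mismatch")
    if MARKER in exe_bytes:
        findings.append("marker-string")
    return findings

def scan_proc(proc_root="/proc"):
    """Map pid -> findings for every process that trips a check."""
    hits = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "cmdline"), "rb") as f:
                argv0 = f.read().split(b"\0", 1)[0].decode(errors="replace")
        except OSError:
            continue  # process exited or access denied
        exe_path, exe_bytes = None, b""
        try:
            exe_path = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "exe"), "rb") as f:
                exe_bytes = f.read(READ_LIMIT)
        except OSError:
            pass  # keep whatever was readable
        found = assess(argv0, exe_path, exe_bytes)
        if found:
            hits[int(entry)] = found
    return hits

if __name__ == "__main__":
    for pid, found in sorted(scan_proc().items()):
        print(pid, ",".join(found))
```

Run as root so that the exe links of other users' processes are readable; a flagged pid is a lead to examine alongside the two rc.local files listed under Installation.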

For further information follow the links below:


  • Linux Mint Hacked