Linux/Tsunami [Threat Name]

Detection created2002-06-26
Short description

Linux/Tsunami serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


The trojan can modify the following files:

  • /etc/rc.d/rc.local
  • /etc/rc.local
  • /etc/rc.conf
Other information

The trojan receives data and instructions for further action from the Internet or another remote computer within its own network (botnet).


The trojan contains a list of URLs. The IRC, HTTP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • execute shell commands
  • perform DoS/DDoS attacks

The trojan can rename its process name.

Threat Variants with Description

Threat Variant Name Date Added Threat Type
Linux/Tsunami.NAS 2014-04-14 trojan
Linux/Tsunami.NGJ 2014-07-26 trojan

Please enable Javascript to ensure correct displaying of this content and refresh this page.