JavaScript support is required for our site to be fully operational in your browser.
Linux.BackDoor.Tsunami.1027
Added to the Dr.Web virus database:
2019-01-29
Virus description added:
2019-01-29
Technical Information
Malicious functions:
Removes itself
Substitutes application name for:
Network activity:
Establishes connection:
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Connects to the following servers over the IRC protocol:
Server: 18#.#44.25.177; Command: NICK [SEIZE|x86_32]NFYKIH\nUSER vamp localhost localhost :kebs4head\n
Server: 18#.#44.25.177; Command: PONG :6229EC70\n
Server: 18#.#44.25.177; Command: MODE NFYKIH -xi\n
Server: 18#.#44.25.177; Command: JOIN ##flamebotnet :\n
Server: 18#.#44.25.177; Command: WHO NFYKIH\n
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK