JavaScript support is required for our site to be fully operational in your browser.
Linux.BackDoor.Fgt.2344
Added to the Dr.Web virus database:
2019-06-13
Virus description added:
2019-06-13
Technical Information
Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
Launches processes:
sh -c grep -c ^processor /proc/cpuinfo
grep -c ^processor /proc/cpuinfo
sh -c free -mt|grep \"Total:\"|awk '{print $2}'|head -n1
free -mt
grep Total:
awk {print $2}
head -n1
sh -c if [ -f /usr/bin/yum ]; then cat /etc/system-release|head -n1; elif [ -f /usr/bin/apt-get ]; then lsb_release -d|awk '{$1= \"\"; print $0}'|head -n1;fi
lsb_release -d
awk {$1= \"\"; print $0}
sh -c if [ -f /usr/bin/yum ]; then printf \"Centos/Rhel Based\"; elif [ -f /usr/bin/apt-get ]; then printf \"Debian/Ubuntu Based\";fi
sh -c rm -rf /tmp/* /var/tmp/* /tmp/.* /var/tmp/.*
rm -rf /tmp/* /var/tmp/* /tmp/. /tmp/.. /tmp/.ICE-unix /tmp/.Test-unix /tmp/.X11-unix /tmp/.XIM-unix /tmp/.font-unix /var/tmp/. /var/tmp/..
sh -c rm -rf /var/log/wtmp
rm -rf /var/log/wtmp
sh -c rm -rf /bin/netstat
rm -rf /bin/netstat
sh -c iptables -F
Performs operations with the file system:
Creates or modifies files:
Deletes files:
/tmp/*
/var/tmp/*
/var/log/wtmp
/bin/netstat
Network activity:
Establishes connection:
8.#.8.8:53
18#.###.39.107:17769
Sends data to the following servers:
Receives data from the following servers:
Other:
Collects CPU information
Collects RAM information
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK