JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.2900
Added to the Dr.Web virus database:
2020-05-12
Virus description added:
2020-05-12
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Modifies firewall settings:
Manages services:
systemctl -p CanReload show cron.service
systemctl -p LoadState show cron.service
/bin/systemctl stop cron.service
Launches processes:
sh -c iptables -F >/dev/null 2>&1
sh -c /etc/init.d/cron stop >/dev/null 2>&1
/etc/init.d/cron stop
run-parts --lsbsysinit --list /lib/lsb/init-functions.d
readlink -f /etc/init.d/cron
sh -c /etc/init.d/crond stop >/dev/null 2>&1
/etc/init.d/crond stop
Kills system processes:
Kills the following processes:
Performs operations with the file system:
Modifies file access rights:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
8.#.8.8:53
37.##.226.209:9990
37.##.226.209:28344
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
20#.##.120.64:23
90.##.116.67:23
13#.##3.15.78:23
15#.##8.86.153:23
18#.##7.120.240:23
70.##.250.43:23
14.##.82.45:23
10#.##.31.164:23
58.##8.81.20:23
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK