HACKINGTOOLS_SHARK

 Analysis by: Sabrina Lei Sioting
 Modified by: Cris Nowell Pantanilla

 PLATFORM:

Linux OS


  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This is a Fast SYN Scanner that uses libnet and libpcap, which require root-level access. It scans a given netblock on a specified port through a specified interface, at a rate controlled by a speed setting.

The tool is run with a specific command line, shown under NOTES.

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It is a component of other malware.

It hacks a computer by running a command line.

  TECHNICAL DETAILS

File Size:

1,310,720 bytes

File Type:

ELF

Initial Samples Received Date:

06 Apr 2011

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Hacking Tool is a component of other malware.

Hacktool Routine

This Hacking Tool hacks a computer by running a command line.

NOTES:

This is a Fast SYN Scanner that uses libnet and libpcap, which require root-level access. It scans a given netblock on a specified port through a specified interface, at a rate controlled by a speed setting.

The following command may be used in this tool:

usage: ./ss {port} [-a {a class} | -b {b class}] [-i speed 10 -> as fast as possible, 1 -> it will take bloody ages (about 50 syns/s)

  SOLUTION

Minimum Scan Engine:

8.900

FIRST VSAPI PATTERN FILE:

1.164.28

FIRST VSAPI PATTERN DATE:

06 Apr 2011

Scan your computer with your Trend Micro product to delete files detected as HACKINGTOOLS_SHARK. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

