UNIX_FLOODDOS.A
Trojan.Linux.DDoS (Ikarus); ELF:Chinaz-A [Trj] (Avast); Trojan-DDoS.Linux.Znaich.a (Kaspersky); Linux/DDoS-Flood.A (McAfee);
Linux, Unix
Threat Type: Backdoor
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This backdoor may be downloaded from remote sites by other malware.
It connects to a website to send and receive information.
TECHNICAL DETAILS
618,948 bytes
ELF
No
17 Jan 2015
Arrival Details
This backdoor may be downloaded from remote site(s) by the following malware:
Backdoor Routine
This backdoor connects to the following websites to send and receive information:
- aa.{BLOCKED}352.com
- {BLOCKED}352.com
- {BLOCKED}1.12.{BLOCKED}3.173
Information Theft
This backdoor gathers the following data:
- System info
- Process info
- Memory info
- Version info
- Hostname
Other Details
This backdoor does the following:
- performs DDOS attack
- floods network
- manipulate files and directories
- manipulate process and services
- download and execute arbitrary files
- execute commands
- modifies thread/process priority
- performs spoof
NOTES:
It modifies /etc/rc.local to enable automatic execution at every system start up.
SOLUTION
9.700
11.416.08
16 Jan 2015
11.417.00
16 Jan 2015
Step 1
Remove the malware/grayware file that dropped/downloaded UNIX_FLOODDOS.A. (Note: Please skip this step if the threat(s) listed below have already been removed.)
- HKTL_SHELLSHOCK
Step 2
Scan your computer with your Trend Micro product to delete files detected as UNIX_FLOODDOS.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.