ELF_TSUNAMI.DFI

Ejecuta comandos desde un usuario remoto malicioso que pone en peligro el sistema afectado.

Rutina de puerta trasera

Se conecta a uno de los servidores de IRC siguientes:

• {BLOCKED}.{BLOCKED}.18.114
• {BLOCKED}.{BLOCKED}.18.119
• {BLOCKED}.{BLOCKED}.18.121
• {BLOCKED}.{BLOCKED}.220.124
• {BLOCKED}.{BLOCKED}.15.55
• {BLOCKED}.{BLOCKED}.125.36
• {BLOCKED}.{BLOCKED}.199.94
• {BLOCKED}.{BLOCKED}.199.98
• {BLOCKED}.{BLOCKED}.32.30

Se une a los canales de IRC siguientes:

• #{Architecture} (or #0x86)

Ejecuta los comandos siguientes desde un usuario remoto malicioso:

• UNKNOWN {target} {secs} - this performs a non-spoof UDP flood to a specific target at n seconds interval
• PAN {target} {port} {secs} - this performs an advanced SYN flood to a specific target at n seconds interval
• UDP {target} {port} {secs} - this performs a UDP flood to a specific target at n seconds interval
• GETSPOOFS - this prevents anyone from tracking the source of the DoS attack
• SPOOFS {subnet} - changes spoofing to a subnet
• GET {HTTP address} {save as} - this downloads and saves a file
• IRC {command} - this sends commands to the IRC server
• SH {command} - this executes shell commands
• XMAS {target} {port} {secs} {packet} {random/not} - sends an packet attack to specified target and port this generates packets.
• CBACK {ip} {port} -connects back to shell 2_9062015
• KILLALL - terminate background threads or current packetings
• DNS {Domain} - translates domain to ip
• JUNK {target} {port} {time} {threads} - tcp flooder sends 1 byte of garbage data
• STD {target} {port} {secs} - This triggers the bot to perform a denial of service (DoS) attack on a specific target by sending packets at n seconds interval
• STD2 {target} {port} {secs} {trash_data} - Triggers the bot to perform a denial of service (DoS) attack and also allows user to specify garbage data