Threat Encyclopedia

ELF_ROOTKIT40-7

Malware type: Elf Executable

Aliases: Rootkit.Linux.Agent.40 (Kaspersky), Trojan Horse (Symantec), BDS/RootkitLnx.40.B (Avira), Troj/Lrk4 (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Linux

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

Low

Distribution potential:

Low

Description: 

This executable Linux file (ELF), which arrives on affected systems as a dropped component of another malware, is used by malicious users to gain access to systems. It usually comes in a group or in a set of programs and scripts that work together to exploit them.

Its main purpose is to hide the malicious user's presence and to provide continued unauthorized access to the affected system. It also hides its components to avoid easy detection.

For additional information about this threat, see:

Description created: Feb. 2, 2007 11:33:17 AM GMT -0800


TECHNICAL DETAILS


File type: ELF

Memory resident:  No

Size of malware: Varies

Initial samples received on: Dec 8, 2001

Payload 1: Hides component files

Details:

This executable Linux file (ELF), which arrives on affected systems as a dropped component of another malware, is used by malicious users to gain access to systems. It usually comes in a group or in a set of programs and scripts that work together to exploit them.

Its main purpose is to hide the malicious user's presence and to provide continued unauthorized access to the affected system. It also hides its components to avoid easy detection.

This ELF malware runs on Linux operating systems.

Analysis By: Ricardo O. Pineda Jr.


SOLUTION


Minimum scan engine version needed: 8.000

Pattern file needed: 4.241.00

Pattern release date: Feb 2, 2007


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Running Trend Micro Antivirus

If you are currently running in safe mode, please restart your computer normally before performing the following solution.

Scan your computer with Trend Micro antivirus and delete files detected as ELF_ROOTKIT40-7. To do this, Trend Micro customers must download the latest virus pattern file and scan their computer. Other Internet users can use HouseCall, the Trend Micro online virus scanner.




Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.

Featured Stories

Connect with us on