ELF_XONE.A

Malware type: Elf Executable

Aliases: Virus.Linux.Xone.a (Kaspersky), Linux/Xone (McAfee), Linux.Zone.A (Symantec), LINUX/Xone.A (Avira), Linux/Xone-A (Sophos)

In the wild: No

Destructive: No

Language: English

Platform: Linux

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

Low

Distribution potential:

Low

Description: 

This malware is a direct-infecting ELF virus. The mother file is required to infect other ELF files.

It is designed to infect any file in the folder where it executes. However, during testing, it causes a segmentation fault and does not execute.

The infection has no malicious code of its own. It simply transfers control to the original program.

This malware runs on Linux platforms.


Description created: Oct. 28, 2004 9:29:10 AM GMT -0800


TECHNICAL DETAILS


Size of malware: 2,837 Bytes (mother file); ~70 Bytes (infector)

Initial samples received on: Oct 28, 2004

Details:

This malware is a direct-infecting ELF virus. The mother file is required to infect other ELF files.

It is designed to infect any file in the folder where it executes. However, during testing, it causes a segmentation fault and does not execute.

The infection has no malicious code of its own. It simply transfers control to the original program.

It contains the following strings in its body:

cyneox/DCA (Dark Coderz Alliane)




Analysis by: Christine Bejerasco


SOLUTION


Minimum scan engine version needed: 6.810

Pattern file needed: 2.221.07

Pattern release date: Oct 28, 2004


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as ELF_XONE.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

