ELF_XORDDOS.AS
July 06, 2017
ALIASES: DoS:Linux/Xorddos.A (Microsoft); a variant of Linux/Xorddos.C trojan (ESET); HEUR:Trojan-DDoS.Linux.Xarcen.a (Kaspersky)
PLATFORM: Linux
Threat Type: Backdoor
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
File Size: 625729 bytes
File Type: ELF
Memory Resident: Yes
Initial Samples Received Date: 27 Nov 2015
Arrival Details
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Backdoor drops the following copies of itself into the affected system:
- /var/run/gcc.pId
- /lib/libudev.sO
Autostart Technique
This Backdoor drops the following files:
- /etc/cron.hourly/gcc.sh
Other Details
This Backdoor connects to the following possibly malicious URLs:
- {BLOCKED}a.{BLOCKED}t456.com:600
- {BLOCKED}a.{BLOCKED}t456.com:6002
- www1.{BLOCKED}t456.com/dd.rar