This backdoor is involved in an exploit attack targeting a critical vulnerability in Ruby on Rails. It connects to an IRC server, where it can receive and carry out commands from remote attackers, and it makes the affected system part of its botnet. Affected users may find the security of their systems compromised.
To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.
This backdoor may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites.
It connects to Internet Relay Chat (IRC) servers.
This backdoor connects to any of the following Internet Relay Chat (IRC) servers:
It accesses a remote Internet Relay Chat (IRC) server where it receives the following commands from a remote malicious user:
Scan your computer with your Trend Micro product to delete files detected as ELF_MANUST.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.