This backdoor provides an attacker with remote access to an infected machine. It is a Linux application (ELF file). It is 29 318 bytes in size.
The backdoor communicates with the following hosts:
In response, the backdoor receives the following commands from an attacker:
TSUNAMI, UNKNOWN, NICK, SERVER, GETSPOOFS, SPOOFS, DISABLE, ENABLE, KILL, VERSION, KILLALL, HELP, IRC, SH, PAN, MOVE, UDP, GET
Depending on the command, the backdoor can perform the following actions:
- download files from the Internet, save them under the specified name and run them (GET);
- execute shell commands (SH);
- communicate via HTTP and IRC channels (SERVER, NICK, IRC, VERSION, HELP, MOVE, KILL);
- organize DDoS attacks on the specified IP address (TSUNAMI, GETSPOOFS, SPOOFS, DISABLE, ENABLE, PAN, UDP, KILLALL).
Thus, the backdoor provides an attacker with full access to an infected computer, which becomes a part of a botnet.
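A triage heuristic built on the command list above, as an added example that is not part of the original description or of any vendor's detection logic: it flags ELF files whose embedded strings include most of those command names. The `min_hits` threshold and the choice of "distinctive" names are assumptions, and the sample byte strings are constructed.

```python
import re

# Command names exactly as listed in the description above.
COMMANDS = {"TSUNAMI", "UNKNOWN", "NICK", "SERVER", "GETSPOOFS", "SPOOFS",
            "DISABLE", "ENABLE", "KILL", "VERSION", "KILLALL", "HELP",
            "IRC", "SH", "PAN", "MOVE", "UDP", "GET"}
# Assumption: these names are less likely than HELP/GET/VERSION to occur
# as stand-alone strings in benign binaries.
DISTINCTIVE = {"TSUNAMI", "GETSPOOFS", "SPOOFS", "KILLALL"}
ELF_MAGIC = b"\x7fELF"


def printable_strings(data, min_len=2):
    """Yield runs of printable ASCII, similar to strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")


def triage(data, min_hits=10):
    """Return (suspicious, matched_commands) for the raw bytes of a file."""
    if not data.startswith(ELF_MAGIC):
        return False, set()
    # Only whole strings count, so "GET" inside "GETTEXT" is not a hit.
    found = {s for s in printable_strings(data) if s in COMMANDS}
    suspicious = len(found) >= min_hits and bool(found & DISTINCTIVE)
    return suspicious, found


def _blob(words):
    """Constructed test input: ELF magic followed by NUL-terminated strings."""
    body = b"\x00".join(w.encode("ascii") for w in words)
    return ELF_MAGIC + b"\x02\x01\x01\x00" + body + b"\x00"


SAMPLE_SUSPECT = _blob(sorted(COMMANDS))                        # constructed
SAMPLE_BENIGN = _blob(["HELP", "VERSION", "GET", "usage: %s"])  # constructed

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            flag, hits = triage(fh.read())
        print(path, "SUSPICIOUS" if flag else "ok", sorted(hits))
```

A hit is a reason to examine the file further, not a verdict: common names such as HELP or GET appear in many legitimate programs, which is why the check requires both a high match count and at least one distinctive name.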
If your computer does not have an antivirus, and is infected by this malicious program, follow the instructions below to delete it:
- Delete the original malicious file (the location on the infected computer will depend on how the program originally penetrated the victim machine).
- Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).