Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Contacter-nous !
Support 24/24 | Rules regarding submitting

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -

Nous téléphoner

0 825 300 230

Profil

Linux.Hanthie.1

Added to the Dr.Web virus database: 2013-08-14

Virus description added:

A multicomponent Trojan for Linux. Once launched, it checks whether its process or a virtual machine are already running in the system. By creating the autorun file (for example, ~/.config/autostart/system-firewall.<string>.desktop) and copying itself to a disk folder (for example, ~/.config/.System_Firewall/system-firewall.<string>.config), the Trojan gets installed on the system. In the temporary folder, the malware creates an executable library and tries to inject this library into running processes. If the attempt fails, Linux.Hanthie runs a new executable file that resides in a temporary folder and is responsible for communication with the server. After that, the Trojan deletes the original copy of the file.

Into Firefox, Google Chrome, Opera, Chromium, and Ice Weasel, the Trojan embeds a grabber that intercepts information transferred via HTTP and HTTPS protocols and sends cybercriminals the data entered by the user into various forms. Linux.Hanthie can execute the following commands:

  • socks—start a proxy server,
  • bind—run a port listener script,
  • bc—connect to the command and control server,
  • update—download and install updates,
  • rm—remove itself.

Recommandations pour le traitement


Linux

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

Version démo gratuite

Pour 1 mois (sans enregistrement) ou 3 mois (avec enregistrement et remise pour le renouvellement)

Télécharger Dr.Web

Par le numéro de série