- 2b8dda784e907288f6aafd76cb6f1fbee682aeb9 (packed exe)
A Trojan written in TCL and distributed as an .exe file. It is used by cybercriminals that exploit Linux.PNScan.1, Linux.BackDoor.Tsunami.133, Linux.BackDoor.Tsunami.144, and Linux.BackDoor.Tsunami.150.
This malicious program is implemented as an IRC bot whose main purpose is to hack websites created on WordPress and Joomla platforms and also websites that use such online-store management system as osCommerce.
If the Trojan finds a vulnerability in a website that operates on the Wordpress platform, a PHP script detected as PHP.Shell.191 (c2a11fe85472143be72fe7acd8a432d68804e8cc) gets installed on the compromised Internet resource. A script detected as PHP.Shell.328 ( fc381bc5b190faf0d196696d81937b72252073ec (unpacked), 24b8898e640b5a4af17c2be787fbaae22aeb2ae8 (packed)) gets installed on websites that use osCommerce and Joomla software.