OSF.8759

from Wikipedia, the free encyclopedia

OSF.8759 is a computer virus that infects ELF binary files on Linux systems.

Design

The virus increases the size of each infected file by 8759 bytes, 4662 of which are a backdoor that is appended to the end of the binary file. According to Viruslist.com, the backdoor is designed not to match the ELF file structure. This allows modified versions to be inserted into the code later.

The virus tries to recursively infect all files in its directory. When it is started with root account rights, it tries to compromise all files in the /bin directory. In any case, however, a maximum of 200 files will be infected in one program run. Files in the /dev and /proc directories and all files whose names end in ps, as in maps, are not attacked. The backdoor listens on UDP port 3049 and provides commands that execute binary files on the target system. While it is running, the virus tries to change the firewall rules so that they do not disrupt the backdoor. It also starts its own debugger to prevent debugging on the system. If the debugger cannot start, it is possible that the system has already started a debugger. In this case the program terminates.
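A file-level check for the appended data described in this section, as an added example that is not part of the original article or of any vendor tooling: it measures how many bytes sit past the last offset that the ELF header, segments and sections account for. It assumes the appended bytes lie outside every segment and section; `elf_described_end`, `trailing_bytes` and the 96-byte sample image are names and data constructed for illustration.

```python
import struct

SHT_NOBITS = 8          # section type that occupies no bytes in the file
BACKDOOR_SIZE = 4662    # size of the appended backdoor as given in the article

def elf_described_end(data: bytes) -> int:
    """Highest file offset accounted for by the ELF header, segments and sections."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = ELF32, 2 = ELF64
    bo = ">" if data[5] == 2 else "<"      # EI_DATA: 2 = big-endian
    w = "Q" if is64 else "I"
    h = struct.unpack_from(f"{bo}HHI{w}{w}{w}IHHHHHH", data, 16)
    phoff, shoff, ehsize = h[4], h[5], h[7]
    phentsize, phnum, shentsize, shnum = h[8:12]
    end = max(ehsize, phoff + phnum * phentsize, shoff + shnum * shentsize)
    for i in range(phnum):                 # segments: p_offset + p_filesz
        fmt = bo + ("IIQQQQQQ" if is64 else "8I")
        p = struct.unpack_from(fmt, data, phoff + i * phentsize)
        off, filesz = (p[2], p[5]) if is64 else (p[1], p[4])
        end = max(end, off + filesz)
    for i in range(shnum):                 # sections: sh_offset + sh_size
        fmt = bo + ("IIQQQQIIQQ" if is64 else "10I")
        s = struct.unpack_from(fmt, data, shoff + i * shentsize)
        if s[1] != SHT_NOBITS:
            end = max(end, s[4] + s[5])
    return end

def trailing_bytes(data: bytes) -> int:
    """Bytes at the end of the file that no ELF structure describes."""
    return max(0, len(data) - elf_described_end(data))

def build_sample_elf32() -> bytes:
    """Constructed 96-byte ELF32 image: one PT_LOAD segment covering the whole file."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)
    ehdr = struct.pack("<HHIIIIIHHHHHH",
                       2, 3, 1, 0x08048054, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", 1, 0, 0x08048000, 0x08048000, 96, 96, 5, 0x1000)
    return ident + ehdr + phdr + bytes(12)

if __name__ == "__main__":
    clean = build_sample_elf32()
    grown = clean + bytes(BACKDOOR_SIZE)   # constructed stand-in: zero bytes only
    for name, blob in (("clean", clean), ("with appended data", grown)):
        print(f"{name}: size={len(blob)} trailing={trailing_bytes(blob)}")
```

Trailing data also occurs in legitimate files such as self-extracting installers, so a non-zero result is a triage signal to compare against the package manager's recorded size and hash, not proof of infection.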

References

  1. Virus.Linux.Osf.8759. (No longer available online.) In: Securelist - English - Global - securelist.com. Archived from the original on March 4, 2016; accessed on March 2, 2016.