Technical Details

The Trojan sends data to TCP port 22 (the port that the SSH daemon uses) of the computer specified on the command line. This data is not malicious and has no discernible effect on that computer.

The Trojan adds an entry for a new user with a User ID of 0 ("root") in the password file, /etc/passwd, and adds a password for that user in the shadow password file, /etc/shadow. Then, it creates a file, /tmp/.tmp, which contains the following lines of text:

/etc/passwd
/etc/shadow
known_hosts, for which it searches in the directories /root/.ssh* and in /home and all its subdirectories.

The Trojan emails this file to two addresses, and then deletes it.
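
A defender's check for the account change described above, as an added example that is not part of the original post: it lists every account other than "root" that has UID 0 in passwd-format text and reports whether a password is set for it in shadow-format text. The function names, the account name "sysadm" and all sample lines are constructed for illustration.

```python
# Added example: list accounts other than "root" that have UID 0 and say
# whether each can log in with a password. All sample data is constructed.

# "sysadm" is a made-up stand-in for the account the Trojan adds.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm:x:0:0::/:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTED$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:!:19000:0:99999:7:::
sysadm:$1$CONSTRUCTED$CONSTRUCTEDHASH:19000:0:99999:7:::
"""


def records(text, min_fields):
    """Yield colon-separated field lists, skipping blank, comment and short lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.strip() and not line.startswith("#") and len(fields) >= min_fields:
            yield fields


def password_state(field):
    """Classify a password field: None = no shadow entry, "" = no password needed."""
    if field is None:
        return "no shadow entry"
    if field == "":
        return "empty"
    return "locked" if field.startswith(("!", "*")) else "set"


def extra_uid0_accounts(passwd_text, shadow_text):
    """Return (name, password_state) for every UID-0 account not named root."""
    shadow = {f[0]: f[1] for f in records(shadow_text, 2)}
    findings = []
    for name, pw, uid, *_ in records(passwd_text, 7):
        try:
            is_root_uid = int(uid) == 0
        except ValueError:
            continue  # malformed UID field
        if is_root_uid and name != "root":
            # "x" means the hash lives in /etc/shadow; otherwise it is inline
            field = shadow.get(name) if pw == "x" else pw
            findings.append((name, password_state(field)))
    return findings


if __name__ == "__main__":
    for name, state in extra_uid0_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"UID 0 account besides root: {name} (password {state})")
```

To audit a live host, pass the contents of /etc/passwd and /etc/shadow instead of the sample strings; reading /etc/shadow requires root.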