Worm.Linux.Mare.D
SYMPTOMS: Presence of the file "listen.log" in the same directory as the virus. Port 25555 is opened.

TECHNICAL DESCRIPTION: This worm is compiled with gcc. It scans port 80 on all IP addresses within a random class B network. If one of these computers has a known vulnerability (usually a PHP or XML vulnerability), the worm sends several commands to the victim computer that download the worm using wget.
Port 25555 is opened and packets are sent to the following servers: 81.223.104.152, 24.224.174.18. The worm also tries to download itself (using PHP or XML vulnerabilities) from the following address: 209.123.16.34/gicolo.

Removal instructions:
a) Please let BitDefender disinfect your files, or
b) Kill the virus process and delete its file from the disk.
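The network symptoms described above (port 25555 opened, packets sent to the two listed servers) can be checked on a Linux host by reading the kernel socket tables. The script below is an added example, not part of the original write-up; the function names, the constructed sample table and the little-endian address decoding (x86 and most ARM hosts) are assumptions.

```python
import socket
import struct

# Indicators taken from the description above.
WORM_PORT = 25555
WORM_SERVERS = {"81.223.104.152", "24.224.174.18"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:63D3 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 2002
   2: 0A00000A:9C40 9868DF51:1F90 01 00000000:00000000 00:00000000 00000000    33        0 2003
   3: 0A00000A:9C41 1400000A:0050 01 00000000:00000000 00:00000000 00000000    33        0 2004
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port). IPv4 only, little-endian host assumed."""
    addr, port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def triage(table_text):
    """Return sockets bound to the worm port or talking to its servers (tcp or udp table)."""
    findings = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue
        (lip, lport), (rip, rport) = decode_endpoint(cols[1]), decode_endpoint(cols[2])
        reasons = []
        if lport == WORM_PORT:
            reasons.append(f"local port {WORM_PORT}")
        if rip in WORM_SERVERS:
            reasons.append("remote server " + rip)
        if reasons:
            findings.append({"local": f"{lip}:{lport}", "remote": f"{rip}:{rport}",
                             "uid": int(cols[7]), "inode": int(cols[9]), "why": reasons})
    return findings

if __name__ == "__main__":
    import sys
    # No argument: run on the constructed sample. Otherwise pass /proc/net/tcp or /proc/net/udp.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in triage(text):
        print(finding)
```

The `inode` of a finding can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to identify the owning process for removal step b).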
ANALYZED BY: Gavrilut Dragos, Virus Researcher, and Sorin Ciorceri, Virus Researcher