Backdoor.Linux.Tsunami.gen

From Total Malware Info

The description for Backdoor.Linux.Tsunami.gen was created during the beta test of the «Malware description on demand» service. Learn more at: www.dnt-lab.com/en/services.

Last edited:

23.4.2011

The backdoor provides an attacker with remote access to an infected machine. It is a Linux application (ELF file), 29318 bytes in size.

MD5: 1610768b1524e24d840ae25964d02c8e

SHA1: 8766ba34a15e56850feab896b37a987077b0d2a4

Payload

The backdoor establishes network connections to the following host:

80.243.***.131

In response, the backdoor receives the following commands from the attacker:

TSUNAMI
UNKNOWN
NICK
SERVER
GETSPOOFS
SPOOFS
DISABLE
ENABLE
KILL
VERSION
KILLALL
HELP
IRC
SH
PAN
MOVE
UDP
GET

Depending on the command, the backdoor can perform the following actions:

  • downloads files from the Internet, saves them under the specified name and runs them (GET);
  • executes shell commands (SH);
  • communicates via HTTP and IRC channels (SERVER, NICK, IRC, VERSION, HELP, MOVE, KILL);
  • carries out DDoS attacks against the specified IP address (TSUNAMI, GETSPOOFS, SPOOFS, DISABLE, ENABLE, PAN, UDP, KILLALL).

Thus the backdoor gives an attacker full access to the infected computer, which becomes part of a botnet.

Removal instructions

If your computer does not have an antivirus and is infected by this malicious program, follow the instructions below to delete it:

1. Delete the original malicious file (the location on the infected computer will depend on how the program originally penetrated the victim machine).

2. Perform a full system scan with an antivirus with updated databases.
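
Because the location of the file in step 1 is not fixed, it can be found by the size and hashes listed above. The following Python script is an added example, not part of the original description; the function names and the default scan root are assumptions.

```python
import hashlib
import os
import stat
import sys

# Values taken from the description above.
SAMPLE_SIZE = 29318
SAMPLE_MD5 = "1610768b1524e24d840ae25964d02c8e"
SAMPLE_SHA1 = "8766ba34a15e56850feab896b37a987077b0d2a4"
ELF_MAGIC = b"\x7fELF"


def file_digests(path):
    """Return (md5, sha1) hex digests of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def find_sample(root, size=SAMPLE_SIZE, md5=SAMPLE_MD5, sha1=SAMPLE_SHA1):
    """Walk root; return regular files matching size, ELF magic and both hashes."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                # Cheap pre-filters: regular file of the exact reported size.
                if not stat.S_ISREG(st.st_mode) or st.st_size != size:
                    continue
                with open(path, "rb") as fh:
                    if fh.read(4) != ELF_MAGIC:
                        continue
                # Only files passing the pre-filters are hashed in full.
                if file_digests(path) == (md5, sha1):
                    hits.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
    return hits


if __name__ == "__main__":
    # Scan root defaults to "/" (assumption); pass a directory to narrow it.
    for hit in find_sample(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(hit)
```

A match on an exact hash only identifies this specific sample; a modified or repacked copy will not match, which is why step 2 still applies.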
