The virus increases the size of infected files by 8759 bytes, 4662 of which are a backdoor attached at the end of the binary. According to Viruslist.com, the backdoor is designed such that it "is not linked to the ELF structure" so that modified versions of it can be easily incorporated later.
The virus attempts to infect all the files in the current directory recursively and if run from a root account, will try to infect all files in the /bin directory. In any case, no more than 201 files are infected in one run. Moreover the virus avoids infecting the files under /dev, /proc and all the files with a suffix ps such as in maps. The backdoor attempts to listen on UDP port 3049 and provides many internal commands to execute files on the target system. Upon execution, the virus tries to modify the firewall rules so that they do not interfere with the backdoor's operation. It also attempts to evade debugging by spawning a debugger itself. If the virus fails to spawn its own debugger, it assumes that the system already has a running debugger and will terminate its execution immediately.
|35px||This malware-related article could benefit from further information. You can help us by expanding it.|
| This article uses material from the Wikipedia article OSF.8759, that was deleted or is being discussed for deletion, which is released under the Creative Commons Attribution-ShareAlike 3.0 Unported License.