FANDOM



OSF.8759 is a computer virus that infects ELF binaries on Linux systems.

Design

The virus increases the size of infected files by 8759 bytes, 4662 of which are a backdoor attached at the end of the binary. According to Viruslist.com, the backdoor is designed such that it "is not linked to the ELF structure" so that modified versions of it can be easily incorporated later.[1]

The virus attempts to infect all the files in the current directory recursively and if run from a root account, will try to infect all files in the /bin directory. In any case, no more than 201 files are infected in one run. Moreover the virus avoids infecting the files under /dev, /proc and all the files with a suffix ps such as in maps. The backdoor attempts to listen on UDP port 3049 and provides many internal commands to execute files on the target system. Upon execution, the virus tries to modify the firewall rules so that they do not interfere with the backdoor's operation. It also attempts to evade debugging by spawning a debugger itself. If the virus fails to spawn its own debugger, it assumes that the system already has a running debugger and will terminate its execution immediately.

See also

References


de:OSF.8759

pt:OSF.8759

This article uses material from the Wikipedia article OSF.8759, that was deleted or is being discussed for deletion, which is released under the Creative Commons Attribution-ShareAlike 3.0 Unported License.
Author(s): AzaToth Search for "OSF.8759" on Google
View Wikipedia's deletion log of "OSF.8759"
Wikipedia-logo-v2

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.