Linux/Brunfly

Type: Virus
SubType: File Infector
Discovery Date: 08/04/2003
Length: 4096
Minimum DAT: 4284 (08/11/2003)
Updated DAT: 4302 (11/05/2003)
Minimum Engine: 5.1.00
Description Added: 08/04/2003
Description Modified: 08/04/2003 2:33 AM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

Linux/Brunfly is a direct-action file infector that infects ELF binary files in the current directory. Infected files grow in size, usually by 4096 bytes (decimal).

Visible strings inside infected files include for example:
WARNING: brundle-fly infected!

The samples for Linux/Brunfly were directly submitted to AVERT.

Symptoms

- ELF files with an increased file size, usually by 4096 bytes (decimal).

- Visible strings inside infected files include, for example:
  WARNING: brundle-fly infected!
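
The two symptoms above can be checked together during triage. The following is an added example, not part of the original description or of any scanner: it flags ELF files in one directory that contain the quoted string or that differ in size from a known-good baseline. The `baseline` manifest, the reason labels and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

ELF_MAGIC = b"\x7fELF"
MARKER = b"WARNING: brundle-fly infected!"  # string quoted in the description
GROWTH = 4096                                # usual size increase, in bytes

def triage(directory, baseline=None):
    """Map filename -> reasons for ELF files in `directory` (non-recursive).
    `baseline` is an assumed {filename: known_good_size} manifest."""
    baseline = baseline or {}
    findings = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        with open(entry.path, "rb") as fh:
            data = fh.read()
        if not data.startswith(ELF_MAGIC):
            continue  # the description only mentions ELF binaries
        reasons = []
        if MARKER in data:
            reasons.append("marker-string")
        delta = len(data) - baseline.get(entry.name, len(data))
        if delta == GROWTH:
            reasons.append("grew-4096")
        elif delta:
            reasons.append(f"size-delta:{delta:+d}")
        if reasons:
            findings[entry.name] = reasons
    return findings

def demo():
    """Triage constructed stand-in files (not real samples)."""
    clean = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 61
    samples = {
        "clean": clean,
        "tagged": clean + MARKER.ljust(GROWTH, b"\x00"),
        "padded": clean + b"\x00" * GROWTH,
        "notes.txt": MARKER,  # marker present but not an ELF file
    }
    with tempfile.TemporaryDirectory() as d:
        for name, blob in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(blob)
        baseline = {n: len(clean) for n in ("clean", "tagged", "padded")}
        return triage(d, baseline)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, reasons)
```

Because the description says the growth is "usually" 4096 bytes and gives the string only as an example, a file that passes both checks is not thereby shown to be clean; hits are candidates for a scan with the specified DAT and engine.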

Method of Infection

Manually running a malicious ELF binary file starts the infection.

Removal

Detection is included in the specified DAT release.

In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.

Delete files identified by the scanner, replace them with clean ones from backup or re-install them using the original packages. Reboot the system.

Administrators should regularly check for availability of important security updates/patches.

Recommended links:

Caldera

Debian

FreeBSD

Redhat

Sun

SuSe

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
