McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

This file is an ELF type binary, having a filesize of 4172 bytes.

It is a commandline tool that could be used by malicious users or worms allow remote access to the compromised machine. Upon execution, it tries to make a connection to an arbitrary Internet address and port chosen by the malicious user.

When successful, the backdoor daemon forks a subshell that is redirected to the newly established network connection. Malicious users of this backdoor may then remotely execute arbitrary system commands on the compromised machine over this channel.

It may indefinitely make re-connection attempts every 5 seconds when the connection fails.

Symptoms

• Unexpected persistent outgoing TCP connections.
• Presence of a cback executable (ELF) in /tmp or other writable folders.

Method of Infection

This trojan may be planted onto compromised machines by means of exploits, worm or other malware.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

This file is an ELF type binary, having a filesize of 4172 bytes.

It is a commandline tool that could be used by malicious users or worms allow remote access to the compromised machine. Upon execution, it tries to make a connection to an arbitrary Internet address and port chosen by the malicious user.

When successful, the backdoor daemon forks a subshell that is redirected to the newly established network connection. Malicious users of this backdoor may then remotely execute arbitrary system commands on the compromised machine over this channel.

It may indefinitely make re-connection attempts every 5 seconds when the connection fails.

Symptoms

Symptoms -

• Unexpected persistent outgoing TCP connections.
• Presence of a cback executable (ELF) in /tmp or other writable folders.

Method of Infection

Method of Infection -

This trojan may be planted onto compromised machines by means of exploits, worm or other malware.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

N/A