BSD/Exploit-Autofsd

Type: Trojan
SubType: Exploit
Discovery Date: 02/28/2002
Length:
Minimum DAT: 4190 (03/13/2002)
Updated DAT: 4190 (03/13/2002)
Minimum Engine: 5.1.00
Description Added: 03/14/2002
Description Modified: 03/15/2002 5:26 PM (PT)
Risk Assessment:
    Corporate User: Low
    Home User: Low

Characteristics

The BSD/Exploit-Autofsd trojan was included inside a virus collector set that was sent to AVERT. The exploit code has not been encountered "in the wild".

This code targets the BSD flavor of Unix.
It is a remote exploit for rpc.autofsd.
It will attempt to put a root shell on TCP port 530.

Comments inside the source indicate that the exploit was written back in 2000.

Unix malware is usually very flavor-, version- and kernel-specific, and newer versions and/or security updates address many exploits.

Symptoms

Method of Infection

Removal

Detection is included in the specified DAT release.

In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.

Delete files identified by the scanner, replace them with clean ones from backup or re-install them using the original packages. Reboot the system.

Administrators should regularly check for availability of important security updates/patches.

Recommended links:

    Caldera
    Debian
    FreeBSD
    Redhat
    Sun
    SuSe

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
