Linux.Backdoor.Kaiten

Risk Level 1: Very Low

Discovered: February 14, 2006
Updated: February 15, 2006 10:21:26 AM
Systems Affected: Linux

Linux.Backdoor.Kaiten is a Trojan horse that opens a back door on the compromised computer.

Once executed, the Trojan opens a back door on the compromised computer by using an IRC client to connect to the following IRC servers on TCP port 6667:
66.119.66.107
irc.terra.com
independence.remoteserver.org
freedom.ns01.biz
networking.dyndns.org
liberty.no-ip.biz
xp.yi.org

The Trojan then joins a predetermined IRC channel and listens for commands. These commands allow a remote attacker to perform the following actions on the compromised computer:
Perform a distributed denial of service attack using SYN and UDP
Download and execute remote files
Change client nickname
Change servers
Send UDP packets
Spoof IP addresses
End processes
Enable or disable packeting
Carry out flooding methods
End the client application

The Trojan may modify the following system files:
/etc/rc.d/rc.local
/etc/rc.conf
Writeup By: Elia Forio
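
A detection sketch for the network behaviour described above, added here as an example and not part of the original writeup: it scans outbound-connection log lines for the listed servers and for TCP port 6667. The log format, the sample lines and the severity tiers are assumptions constructed for illustration.

```python
import re

# Servers and port taken from the writeup above.
KAITEN_SERVERS = {
    "66.119.66.107", "irc.terra.com", "independence.remoteserver.org",
    "freedom.ns01.biz", "networking.dyndns.org", "liberty.no-ip.biz", "xp.yi.org",
}
IRC_PORT = 6667

# Assumed log format: "<timestamp> <source_host> -> <destination>:<port>/<proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst>[^\s:]+):(?P<port>\d+)/(?P<proto>tcp|udp)$"
)

# Constructed sample input (not real telemetry).
SAMPLE_LOG = """\
2006-02-15T10:01:02Z web01 -> 192.0.2.10:443/tcp
2006-02-15T10:01:07Z web01 -> Freedom.NS01.biz.:6667/tcp
2006-02-15T10:02:11Z db02 -> 66.119.66.107:6667/tcp
2006-02-15T10:03:30Z build03 -> 198.51.100.7:6667/tcp
2006-02-15T10:04:00Z web01 -> xp.yi.org:80/tcp
garbage line
"""

def normalize(host):
    """Lower-case and drop a trailing root dot so FQDN variants compare equal."""
    return host.rstrip(".").lower()

def classify(line):
    """Return (severity, source, destination, port), or None if not of interest."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable lines are skipped, not treated as hits
    dst, port = normalize(m["dst"]), int(m["port"])
    listed = dst in KAITEN_SERVERS
    irc = port == IRC_PORT and m["proto"] == "tcp"
    if listed and irc:
        severity = "high"    # listed server on the documented port
    elif listed:
        severity = "medium"  # listed server, other port or protocol
    elif irc:
        severity = "low"     # the bot can be told to change servers
    else:
        return None
    return (severity, m["src"], dst, port)

def scan(log_text):
    """Classify every line of a log and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]
```

The low tier exists because the command list includes changing servers, so the addresses in the writeup cannot be treated as exhaustive.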