Discovered: February 14, 2006
Updated: February 15, 2006 10:21:26 AM
Systems Affected: Linux
Linux.Backdoor.Kaiten is a Trojan horse that opens a back door on the compromised computer.
Antivirus Protection Dates
- Initial Rapid Release version February 14, 2006
- Initial Daily Certified version February 14, 2006
- Latest Daily Certified version February 14, 2006
- Initial Weekly Certified release date February 15, 2006
Writeup By: Elia Forio
Once executed, the Trojan opens a back door on the compromised computer by using an IRC client to connect to the following IRC servers on TCP port 6667:
66.119.66.107
irc.terra.com
independence.remoteserver.org
freedom.ns01.biz
networking.dyndns.org
liberty.no-ip.biz
xp.yi.org
The Trojan then joins a predetermined IRC channel and listens for commands. These commands allow a remote attacker to perform the following actions on the compromised computer:
Perform a distributed denial of service attack using SYN and UDP
Download and execute remote files
Change client nickname
Change servers
Send UDP packets
Spoof IP addresses
End processes
Enable or disable packeting
Carry out flooding methods
End the client application
The Trojan may modify the following system files:
/etc/rc.d/rc.local
/etc/rc.conf
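A triage sketch for the two indicators described above (outbound IRC sessions on TCP port 6667 and changes to the startup files), added here as an example and not part of the original writeup. The `ss -tnp` sample, the addresses, the process names and the baseline file contents are constructed for illustration.

```python
import re

IRC_PORT = 6667  # port named in the writeup
STARTUP_FILES = ("/etc/rc.d/rc.local", "/etc/rc.conf")  # files named in the writeup

# Constructed `ss -tnp` output (documentation address ranges, made-up processes).
SAMPLE_SS = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB    0      0      10.0.0.5:22         10.0.0.9:51514     users:(("sshd",pid=811,fd=4))
ESTAB    0      0      10.0.0.5:43122      198.51.100.7:6667  users:(("httpd",pid=2931,fd=3))
ESTAB    0      0      10.0.0.5:6667       10.0.0.9:40000     users:(("ircd",pid=640,fd=9))
SYN-SENT 0      1      10.0.0.5:43130      203.0.113.20:6667  users:(("httpd",pid=2931,fd=5))
"""

# Constructed startup-file contents: a known-good baseline and the current file.
BASELINE_RC = "#!/bin/sh\ntouch /var/lock/subsys/local\n"
CURRENT_RC = BASELINE_RC + "# added\n/tmp/example-binary &\n"


def outbound_irc(ss_text, port=IRC_PORT):
    """Return (local, peer, process, pid) for sockets whose *peer* port is `port`.

    SYN-SENT is included so that attempts to reach an unreachable server are
    still reported. A local IRC daemon (local port 6667) is not flagged.
    """
    hits = []
    for line in ss_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5 or fields[0] not in ("ESTAB", "SYN-SENT"):
            continue
        # rsplit keeps bracketed IPv6 peers such as [2001:db8::1]:6667 intact.
        if fields[4].rsplit(":", 1)[-1] != str(port):
            continue
        proc = re.search(r'\("([^"]+)",pid=(\d+)', fields[5] if len(fields) > 5 else "")
        hits.append((fields[3], fields[4],
                     proc.group(1) if proc else None,
                     int(proc.group(2)) if proc else None))
    return hits


def added_startup_lines(baseline, current):
    """Return non-comment lines present in `current` but not in `baseline`."""
    known = {line.strip() for line in baseline.splitlines()}
    return [line.strip() for line in current.splitlines()
            if line.strip() and not line.lstrip().startswith("#")
            and line.strip() not in known]
```

On a live host, feed `outbound_irc` the output of `ss -tnp` and compare each file in `STARTUP_FILES` against a copy from backup or the package manager.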