OSF.8759

OSF.8759 is a computer virus which infects ELF binaries on Linux systems.

Design

The virus enlarges each infected file by 8759 bytes, 4662 of which are a backdoor that is appended to the end of the binary file. According to Viruslist.com, the backdoor is designed so that it does not fit the ELF file structure. This allows modified versions to be inserted into the code later.

The virus tries to infect all files recursively in its directory. If it is started with root account privileges, it also tries to compromise all the files in the /bin directory. In any case, fewer than 201 files are infected in one program run. Files in /dev and /proc and all files with the ending ps, as in maps, are not attacked. The backdoor listens on UDP port 3049 and offers commands that execute binaries on the target system. During execution, the virus attempts to change firewall rules so that they do not interfere with the backdoor. It also starts a separate debugger of its own to prevent debugging on the system. If that debugger cannot be started, it is possible that a debugger has already been started by the system. In this case, the program is terminated.
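
A defensive check for the backdoor listener described above, as an added example that is not part of the original article: it parses the Linux `/proc/net/udp` socket table for anything bound to UDP port 3049. The sample table is constructed, the function names are hypothetical, and a little-endian host is assumed.

```python
import socket

BACKDOOR_PORT = 3049  # UDP port the article attributes to the OSF.8759 backdoor

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 20111 2 0000000000000000 0
  103: 00000000:0BE9 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15234 2 0000000000000000 0
"""

def decode_addr(hex_addr):
    """Decode a kernel hex address (assumption: little-endian host)."""
    raw = bytes.fromhex(hex_addr)
    # The kernel prints each 32-bit word in host byte order.
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    family = socket.AF_INET if len(raw) == 4 else socket.AF_INET6
    return socket.inet_ntop(family, b"".join(words))

def find_listeners(table_text, port=BACKDOOR_PORT):
    """Return (address, uid, inode) for every UDP socket bound to `port`."""
    hits = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue  # truncated or blank line
        addr_hex, _, port_hex = fields[1].rpartition(":")
        if int(port_hex, 16) == port:
            hits.append((decode_addr(addr_hex), int(fields[7]), int(fields[9])))
    return hits

def scan_host():
    """Check the live IPv4 and IPv6 UDP tables; missing files are skipped."""
    hits = []
    for path in ("/proc/net/udp", "/proc/net/udp6"):
        try:
            with open(path) as fh:
                hits += find_listeners(fh.read())
        except OSError:
            pass
    return hits

if __name__ == "__main__":
    for addr, uid, inode in find_listeners(SAMPLE):
        print(f"UDP/{BACKDOOR_PORT} bound on {addr} uid={uid} inode={inode}")
```

A match is only an indicator for triage; the reported inode can be compared with the socket links under `/proc/<pid>/fd` to identify the owning process.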
