
Linux/BackDoor-Suki

Feb 11, 2004 12:01AM PST

Date Discovered: 10/10/2003
Date Added: 2/11/2004
Origin: Unknown
Length: 28344, 36622
Type: Trojan
SubType: Remote Access

Virus Characteristics

Detection was added to cover two malicious ELF binary files. The first one was originally called "init", with a file size of 28344 bytes; the second one was originally called "server", with a file size of 36622 bytes.

The "init" file is used to try to fork a subshell on a remote computer. Once the backdoor is initialized, it can make its process IDs (PIDs) invisible so it won't be recognized easily.

It tries to read/write the IDT and syscall tables; if an error occurs, it might display an F*** error message, making it easy to spot.

It tries to capture login information, also from ssh, telnet, ftp, rlogin and mysql.


Once a system has been compromised it can be controlled remotely.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101010
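
A defender's cross-check for the PID hiding described above, as an added example that is not part of the original post or of the vendor write-up: it compares the process and thread IDs that a `/proc` directory listing reveals with the IDs that answer a signal-0 probe. The function names and the `max_pid` default are illustrative, and the check assumes the backdoor filters directory listings but not signal delivery, which the description does not state.

```python
import errno
import os

def listed_ids(proc="/proc"):
    """Every PID and thread ID that a directory listing of /proc reveals."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # Threads answer signal probes too, so count them as visible.
            ids.update(int(t) for t in os.listdir(f"{proc}/{name}/task"))
        except OSError:
            pass  # process exited between the two listings
    return ids

def answers_probe(pid):
    """True if the kernel reports that `pid` exists (signal 0 sends nothing)."""
    try:
        os.kill(pid, 0)
        return True
    except OSError as e:
        return e.errno == errno.EPERM  # exists, but owned by another user

def hidden_ids(listed_before, probed_alive, listed_after):
    """IDs that answered a probe yet appear in neither listing.

    Requiring absence from both listings filters out most processes that
    simply started or exited while the scan was running.
    """
    return sorted(set(probed_alive) - set(listed_before) - set(listed_after))

def scan(max_pid=32768):
    # max_pid is an assumed default; the real limit is in kernel.pid_max.
    before = listed_ids()
    alive = [p for p in range(1, max_pid + 1) if answers_probe(p)]
    after = listed_ids()
    # Re-probe so very short-lived processes are not reported.
    return [p for p in hidden_ids(before, alive, after) if answers_probe(p)]

if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} answers signals but is not listed in /proc")
```

An empty result does not clear a host, since code that patches the syscall table can hide from the probe as well; run the check from trusted media where possible.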
