it kills the (probably non-existent) virus scanner

“An associated security bypass is done as well — it will scan for processes running in memory that are associated with Linux-based anti-virus products. If such are found they are going to be killed instantly to avoid detection.”
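a defender-side check for exactly this behaviour, as an added example (not code from the post, from sensorstechforum or from Dr.Web): it compares the running process list against a list of security agents you expect to stay resident, and it walks auditd SYSCALL records looking for kill(2) calls aimed at those agents. The agent names, the `ps` output and the audit lines are all constructed for the example (the post does not publish the malware's kill list), and the syscall number 62 assumes x86_64.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Sequence

# Hypothetical list of security agents a defender expects to stay resident.
# Placeholder names chosen for this example; the post does not publish the
# malware's actual process kill list.
EXPECTED_AGENTS: Sequence[str] = ("clamd", "falco", "auditd")

# Constructed sample of `ps -eo pid,comm` output (not from a real host).
SAMPLE_PS = """\
  PID COMMAND
    1 systemd
  412 auditd
  930 sshd
 1337 kworker/0:1
"""

# Constructed lines modeled on auditd SYSCALL records. On x86_64, syscall 62
# is kill(2); a0 is the target pid and a1 the signal, both printed in hex.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1700000000.123:501): arch=c000003e syscall=62 success=yes exit=0 a0=19c a1=9 a2=0 a3=0 items=0 ppid=1400 pid=1401 auid=0 uid=0 comm="sh" exe="/bin/dash"
type=SYSCALL msg=audit(1700000000.456:502): arch=c000003e syscall=62 success=yes exit=0 a0=539 a1=f a2=0 a3=0 items=0 ppid=0 pid=1 auid=4294967295 uid=0 comm="systemd" exe="/lib/systemd/systemd"
"""

KILL_SYSCALL_X86_64 = 62  # assumption: x86_64 syscall table


@dataclass
class KillEvent:
    target_pid: int
    target_name: str
    signal: int
    actor_pid: int
    actor_comm: str


def parse_ps(text: str) -> Dict[int, str]:
    """Map pid -> command name from `ps -eo pid,comm` output."""
    procs: Dict[int, str] = {}
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and parts[0].isdigit():
            procs[int(parts[0])] = parts[1]
    return procs


def missing_agents(ps_text: str, expected: Sequence[str]) -> List[str]:
    """Expected agents with no running process of that name."""
    running = set(parse_ps(ps_text).values())
    return [name for name in expected if name not in running]


# Field extractors for the audit record; \b keeps "pid=" from matching "ppid="
_FIELD = {
    "syscall": re.compile(r"\bsyscall=(\d+)"),
    "a0": re.compile(r"\ba0=([0-9a-fA-F]+)"),
    "a1": re.compile(r"\ba1=([0-9a-fA-F]+)"),
    "pid": re.compile(r"\bpid=(\d+)"),
    "comm": re.compile(r'\bcomm="([^"]*)"'),
}


def parse_audit_kills(text: str, procs: Dict[int, str]) -> List[KillEvent]:
    """Extract every kill(2) call from audit SYSCALL records."""
    events: List[KillEvent] = []
    for line in text.splitlines():
        found = {k: rx.search(line) for k, rx in _FIELD.items()}
        if not all(found.values()):
            continue
        if int(found["syscall"].group(1)) != KILL_SYSCALL_X86_64:
            continue
        target = int(found["a0"].group(1), 16)
        events.append(KillEvent(
            target_pid=target,
            target_name=procs.get(target, "?"),
            signal=int(found["a1"].group(1), 16),
            actor_pid=int(found["pid"].group(1)),
            actor_comm=found["comm"].group(1),
        ))
    return events


def suspicious_kills(audit_text: str, ps_text: str,
                     expected: Sequence[str]) -> List[KillEvent]:
    """Kill events whose target is one of the expected security agents."""
    procs = parse_ps(ps_text)
    return [e for e in parse_audit_kills(audit_text, procs)
            if e.target_name in expected]


if __name__ == "__main__":
    for name in missing_agents(SAMPLE_PS, EXPECTED_AGENTS):
        print(f"ALERT: expected agent not running: {name}")
    for ev in suspicious_kills(SAMPLE_AUDIT, SAMPLE_PS, EXPECTED_AGENTS):
        print(f"ALERT: {ev.actor_comm}[{ev.actor_pid}] sent signal "
              f"{ev.signal} to {ev.target_name}[{ev.target_pid}]")
```

on a real box you would feed it `ps -eo pid,comm` and `ausearch -sc kill --raw` output instead of the constructed strings, and resolve pids against the process list captured at the time of the audit event, since pids are recycled.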

it tries to infect all computers on the network

“The analysis of Linux.BtcMine.174 shows that a separate function is installed which will harvest credentials information, in this particular case a list of all remote servers and credentials. This allows the hacker operators to hijack the required strings and be able to connect to these machines. This allows for automated infection of whole networks of computers.”

Links:

https://www.sensorstechforum.com/cve-2013-2094-linux-btcmine-174/

https://github.com/DoctorWebLtd/malware-iocs/tree/master/Linux.BtcMine.174

https://vms.drweb-av.de/virus/?i=17645163

you might also wanna read: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html

admin