Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
|
Minimum DAT
4400 (2004-10-20) Updated DAT4820 (2006-08-02) |
Minimum Engine
5.1.00 File Length18028 |
Description Added
2004-10-20 Description Modified2004-12-21 |
Malware Proliferation
Characteristics
Detection was added to cover for a malicious unix file originally called in.rexedcs .
The file is an ELF type binary, having a filesize of 18028 bytes.
Upon execution it tries to bind and listen for remote instructions.
However during testing it failed to execute properly, it didn't load itself successfully, the binary file hung.
It may display the following message on the screen: "dispari in pula mea !"
It doesn't have initial exploit code so even if executed manually it shouldn't be able to activate successfully on a properly configured system.
Symptoms
- Presence of the file/filesize as mentioned above
- Weird message on the screen.
Method of Infection
- Infection starts with manual execution of the ELF type binary file. It shouldn't be able to activate successfully on a properly configured/updated system.
Removal
Detection is included in the specified DAT release.
In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used. Delete files identified by the scanner, replace them with clean ones from backup or re-install them using the original packages. Reboot the system.Administrators should regularly check for availability of important security updates/patches.
Recommended links: Caldera Debian FreeBSD Redhat Sun SuSeVariants