Linux/OSF-A

Category	Viruses and Spyware
Type	Virus
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing infected executable files.

Please read the instructions for removing infected executable files.

You should also check your server for any damage an attacker may have caused.

More Information

Summary
Action
More Information

Linux/OSF-A will attempt to infect 200 ELF executables in the current working directory and the directory /bin. The virus will avoid the file ps or any files ending in ps.

If the virus is executed by a privileged user then it will attempt to create a backdoor server on the system. This is achieved by opening a socket on port 3049 or above and waiting for specially configured packets containing instructions for the backdoor program. The server may be asked to create a TCP connection with the attacker and to then attempt to supply them with a shell to use remotely.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Linux/OSF-A

Summary

Action

More Information