Sophos

Troj/Regile-A


Summary

 
Affected operating systems: Unix
Protection available since: 9 August 2004 13:25:34 (GMT)
Detected by: All Sophos products

Action

Please follow the instructions for removing Trojans.

Remove the user eregli with the command 'userdel eregli' or by deleting the relevant line in /etc/passwd to prevent malicious access.

More Information

Troj/Regile-A is a backdoor for the Linux platform.

If Troj/Regile-A is executed with root privileges it will append the following line to the file /etc/passwd:

eregli::0:0:system user for Memory(by ooze):/:/bin/sh

This creates a user account called eregli with no password and root privileges.

Troj/Regile-A opens port 67 and waits for a connection. Once connected, the intruder has full shell access to the system.
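
The check below is an added example, not part of the Sophos description: it audits a passwd-format file for entries of the kind described above, flagging any account other than root with UID 0 and any account with an empty password field. The function names `audit_passwd` and `make_sample` are assumptions, and the sample file is constructed apart from the eregli line, which is taken from this page.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for backdoor-style entries.
# Reports "name:reasons" for each account that is
#   - UID 0 but not named root            (reason: uid0)
#   - configured with an empty password   (reason: empty-password)
# An "x" in field 2 means the hash lives in /etc/shadow and is not flagged.

audit_passwd() {
    # $1: path to a passwd-format file, or "-" for stdin (default /etc/passwd)
    awk -F: '
        /^#/ || NF < 3 { next }    # skip comments, blank and malformed lines
        {
            reasons = ""
            if ($3 ~ /^0+$/ && $1 != "root")
                reasons = "uid0"
            if ($2 == "")
                reasons = reasons (reasons == "" ? "" : ",") "empty-password"
            if (reasons != "")
                print $1 ":" reasons
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample passwd content; only the eregli line comes from the page.
make_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
eregli::0:0:system user for Memory(by ooze):/:/bin/sh
EOF
}

# Demonstration on the constructed sample; prints: eregli:uid0,empty-password
make_sample | audit_passwd -
```

Run `audit_passwd` with no argument to check the live /etc/passwd; any output line is an account to investigate before removing it.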
