Summary

| Detected by | All Sophos products |
|---|---|
Action

Please follow the instructions for removing Trojans.
More Information
Sophos Anti-Virus detects the T0rn rootkit, a collection of tools used by hackers targeting Linux-based systems, as Troj/T0rn-Kit.
The kit mainly comprises replacement copies of standard system commands that have been modified so that they do not reveal that the system has been compromised. For example, the binaries ps, pstree and top have been changed so that they don't display the process information of a network sniffing tool that a hacker will leave running on the system.
Equally, ifconfig is changed so that it doesn't display the promiscuous flag for the network interface that is being sniffed.
The ls, du and find binaries are changed so that they will not display the files that make up the rootkit.
The kit also includes backdoor ways of regaining root access, such as a replacement login which responds to a special password by spawning a root shell. There are also log cleaners to aid in hiding the evidence of the initial attack, and scripts to automate the installation.
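
The hiding done by the replaced ps and ifconfig binaries can be caught by comparing what those commands print with what the kernel itself exposes. The following is an added example, not Sophos code: it assumes the kernel is intact and exposes `/sys/class/net/<iface>/flags` and `/proc`, and all function names and sample data are constructed for illustration.

```python
import os

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>

def read_sysfs_flags(root="/sys/class/net"):
    """Read each interface's flags straight from sysfs, without ifconfig."""
    flags = {}
    for iface in os.listdir(root):
        try:
            with open(os.path.join(root, iface, "flags")) as fh:
                flags[iface] = fh.read()
        except OSError:
            continue  # entry is not a network device directory
    return flags

def hidden_promisc(sysfs_flags, ifconfig_output):
    """Interfaces the kernel marks promiscuous but ifconfig does not."""
    shown = {}
    for stanza in ifconfig_output.strip().split("\n\n"):
        if stanza.strip():
            # First token of each stanza is the interface name.
            shown[stanza.split()[0].rstrip(":")] = "PROMISC" in stanza
    return sorted(i for i, raw in sysfs_flags.items()
                  if int(raw.strip(), 16) & IFF_PROMISC and not shown.get(i, False))

def hidden_pids(proc_entries, ps_output):
    """PIDs listed in /proc that `ps -e -o pid=` failed to report."""
    kernel = {int(e) for e in proc_entries if e.isdigit()}
    reported = {int(t) for t in ps_output.split() if t.isdigit()}
    return sorted(kernel - reported)

# Constructed sample data (not captured from a real host).
SAMPLE_FLAGS = {"lo": "0x9\n", "eth0": "0x1103\n"}  # 0x1103 has bit 0x100 set
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
"""
SAMPLE_PROC = ["1", "214", "731", "cpuinfo", "self"]  # os.listdir("/proc") style
SAMPLE_PS = "    1\n  214\n"                          # `ps -e -o pid=` style

if __name__ == "__main__":
    print("promiscuous but not shown:", hidden_promisc(SAMPLE_FLAGS, SAMPLE_IFCONFIG))
    print("in /proc but not in ps:", hidden_pids(SAMPLE_PROC, SAMPLE_PS))
```

A PID that appears only in /proc can also be a process that started between the two snapshots, so repeat the comparison before treating it as hidden. Run the interpreter from trusted media, since on-host binaries may themselves have been replaced.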
