[clamav-users] Unix.Trojan.ElkKnot FOUND
Al Varnell
alvarnell at mac.com
Wed May 21 16:12:53 UTC 2014
On Wed, May 21, 2014 at 02:41 AM, DUCARROZ Birgit wrote:
>
> Hi,
>
> as of 05/13/2014 I had suddenly a lot of older files with notification
>
> Unix.Trojan.ElkKnot FOUND

ElkKnot (aka Elknot) is apparently a Linux Trojan associated with DDoS attacks. By coincidence, traces of it were found on an OS X machine where it doesn’t function but still spawns multiple shell scripts and postmail processes every hour. The various components can be seen here:
<http://www.gimmemoneyicandoit.com/virus/crontab_and_scripts.txt>, but we have not been able to identify the installer or vector used.
-Al-
--
Al Varnell
Mountain View, CA