Dr Web Host



  1. Dr.Web KATANA consists of a set of next-generation Dr.Web anti-virus technologies that is designed to provide advanced protection. It will shield your computer from threats that your anti-virus cannot yet recognize.
  2. Dr.Web Secure Space is a security suite which includes antivirus, URL filtering, a firewall, spam filter, parental controls and more. The latest edition adds Dr.Web ShellGuard, which the company.

Founded back in 1992, Dr.Web is a Russian developer with a vast range of security products for desktops and mobile devices. Dr.Web Secure Space is a security suite which includes antivirus, URL. Dr Web Host is an ICANN-accredited domain name registrar. In addition to great pricing and a commitment to world-class customer service, we offer web hosting, email, website builder, premium and expired domain names, and SSL certificates. Web Pro is your all-in-one solution to grow online. Create your own website, get a domain name, fast hosting, online marketing and 24/7 support.

  • 9ae9233c79390495e607059870671c9936c413c5
  • b59fc07afc9f159562f71b3a21c38b1d471acc2f

A multicomponent malware program capable of infecting Linux devices and intended to be used for Monero (XMR) mining. It is implemented as a shell script containing over 1,000 lines of code.

When launched, it checks whether the server, from which the Trojan will subsequently download additional modules, is available:

If the script is not run with /sbin/init, the following actions are performed:

  1. The script is moved to a previously selected folder with write permissions (rwx) that is named diskmanagerd (the name is specified in the $WatchDogName variable).
  2. The script tries to restart using nohup or just in the background if nohup is not installed (in this case, the Trojan installs the coreutils package).

Then the Trojan downloads and runs a version of the Linux.BackDoor.Gates.9 Trojan. This family of backdoors allows commands issued by cybercriminals to be executed and DDoS attacks to be carried out:


After that, the malware program searches for other miners and removes them when it detects them. For this, it scans /proc/${pid}/exe and /proc/${pid}/cmdline to check for specific lines (cryptonight, stratum+tcp, etc.).
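The same /proc inspection works for defenders. The following is an added example, not code from the analysed sample: it walks a /proc-style tree and reports processes whose command line or executable path contains the miner strings named above or the `diskmanagerd` watchdog name. The function name and the optional root argument (used to test against a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Trojan): flag processes by the strings this
# write-up names. scan_proc is a hypothetical helper name.
# Usage: scan_proc [ROOT]   ROOT defaults to /proc.
# Output: one "PID<TAB>reason" line per suspicious process (first match wins).
scan_proc() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        [ -r "$dir/cmdline" ] || continue
        pid=${dir##*/}
        # cmdline is NUL-separated; convert NULs to spaces before matching.
        cmd=$(tr '\0' ' ' < "$dir/cmdline" 2>/dev/null) || continue
        # exe is a symlink to the binary; unreadable for other users' PIDs
        # unless the scan runs as root.
        exe=$(readlink "$dir/exe" 2>/dev/null) || exe=''
        case "$cmd $exe" in
            *cryptonight*)
                printf '%s\tminer string: cryptonight\n' "$pid" ;;
            *stratum+tcp*)
                printf '%s\tminer string: stratum+tcp\n' "$pid" ;;
            *diskmanagerd*)
                printf '%s\twatchdog name: diskmanagerd\n' "$pid" ;;
        esac
    done
}

# Scan the live system when the file is executed directly.
scan_proc /proc
```

Because the rootkit described below hides running processes, an empty result on a suspect host does not clear it.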

If Linux.BtcMine.174 was not launched as root, it downloads and runs another shell script (SHA1: 9ae9233c79390495e607059870671c9936c413c5) from the attackers’ server, which, in turn, downloads and runs a number of privilege-escalation exploits, Linux.Exploit.CVE-2016-5195 (DirtyCow) and Linux.Exploit.CVE-2013-2094, on the system.

In the next step, the script checks to see whether it is running as root. If it is, it stops services, removes their files using package managers, and empties the directories. The names of the following services are listed in the script: safedog, aegis, yunsuo, clamd, avast, avgd, cmdavd, cmdmgd, drweb-configd, drweb-spider-kmod, esets, xmirrord.

Then the Trojan adds itself to the Autorun list, using /etc/rc.local, /etc/rc.d/..., /etc/cron.hourly. After that, it downloads and launches a rootkit, also executed as a shell script. Among the rootkit module’s notable features is the ability to steal user-entered passwords for the su command and to hide files in the file system, network connections, and running processes.
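An audit of the autorun locations listed above, as an added example that is not part of the original analysis. It extracts every absolute path referenced from `/etc/rc.local`, `/etc/rc.d` and `/etc/cron.hourly` and flags references to `diskmanagerd` or to world-writable directories; the directory list (`/tmp`, `/var/tmp`, `/dev/shm`), the function name and the optional root prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the autorun locations named in the write-up.
# audit_autorun is a hypothetical helper. Usage: audit_autorun [ROOT]
# ROOT is an optional prefix (a mounted disk image or a test tree).
# Output: "<TAG> <autorun file> <referenced path>" per finding.
audit_autorun() {
    root=${1:-}
    for loc in "$root/etc/rc.local" "$root/etc/rc.d" "$root/etc/cron.hourly"
    do
        [ -e "$loc" ] || continue
        find "$loc" -type f 2>/dev/null | while IFS= read -r f; do
            # The autorun entry itself may be a copy of the script.
            case "${f##*/}" in
                diskmanagerd) echo "NAME $f (autorun entry itself)" ;;
            esac
            # Pull out every absolute path the file mentions.
            grep -Eo '/[A-Za-z0-9._/-]+' "$f" 2>/dev/null | sort -u |
            while IFS= read -r p; do
                case "$p" in
                    */diskmanagerd)
                        echo "NAME $f $p" ;;
                    # Assumption: these are the usual world-writable
                    # directories; the write-up does not name the folder.
                    /tmp/*|/var/tmp/*|/dev/shm/*)
                        echo "WRITABLE-DIR $f $p" ;;
                esac
            done
        done
    done
}

# Audit the running system when the file is executed directly.
audit_autorun
```

Since the rootkit can hide files, run the audit against a mounted disk image or from rescue media when the host is already suspected.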


After that, the Trojan runs a feature that collects data from various sources about all the hosts to which the current user has previously connected via SSH. The Trojan tries to connect to these hosts and infect them:

Next, the Trojan launches and maintains a Monero (XMR) miner. In an infinite loop, the script checks for updates on a remote server so that it can download and install them if they become available. To do that, it carries out the following actions:

  1. The current script version number is stored to the $shell_ver variable.
  2. The file http://${remote_host}:${remote_port}/shell_ver.txt is downloaded.
  3. The obtained version is checked against the current one. If they match, nothing happens; if they do not match, the Trojan downloads the new script version from the management server.
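The update poll is a plain HTTP request for `/shell_ver.txt`, repeated in a loop, which makes it visible in egress proxy logs. The following added example (not from the original analysis) counts such requests per client and destination; the log format, the sample lines and the threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: hunt proxy logs for the version poll described above.
# Assumed (constructed) log format, one request per line:
#   <timestamp> <client_ip> <method> <url> <status>

# Constructed sample data; 203.0.113.10 is a documentation-range address.
sample_log() {
cat <<'EOF'
2024-01-01T10:00:01Z 10.0.0.5 GET http://203.0.113.10:8080/shell_ver.txt 200
2024-01-01T10:00:03Z 10.0.0.5 GET http://mirror.example/pkg/index.html 200
2024-01-01T10:05:01Z 10.0.0.5 GET http://203.0.113.10:8080/shell_ver.txt 200
2024-01-01T10:07:12Z 10.0.0.7 GET http://203.0.113.10:8080/shell_ver.txt 200
2024-01-01T10:08:40Z 10.0.0.9 GET http://intranet.example/docs/shell_ver.txt 200
2024-01-01T10:10:01Z 10.0.0.5 GET http://203.0.113.10:8080/shell_ver.txt 200
EOF
}

# find_version_pollers MIN: read log lines on stdin and print
# "<client> <host:port> <count>" for every client that requested
# http://<host:port>/shell_ver.txt at least MIN times (default 3).
find_version_pollers() {
    awk -v min="${1:-3}" '
        $3 == "GET" && $4 ~ "^http://[^/]+/shell_ver[.]txt$" {
            dest = $4
            sub("^http://", "", dest)   # drop the scheme
            sub("/.*$", "", dest)       # keep host:port only
            n[$2 " " dest]++
        }
        END { for (k in n) if (n[k] >= min) print k, n[k] }
    ' | sort
}

# Demo on the constructed sample.
sample_log | find_version_pollers 3
```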

DrWebHost is one of the fastest-growing companies in the web hosting industry. You don’t have to go searching anywhere to find a reliable web hosting partner, because we have crafted web hosting solutions that can fill the void left by others in the market. Our journey is driven by passionate leaders and backed by extremely talented professionals. We are committed to providing the best web hosting solution in India and overseas.


What we do

We specialize in providing web hosting solutions for all types of websites. Irrespective of whether you have a brand new blog, a high traffic website or if you own an ecommerce website, DrWebHost has just the right solution for you!

DrWebHost serves a broad range of services, such as Shared Hosting, Business Hosting, WordPress Hosting, Power Hosting, Cloud Hosting, Reseller Hosting, Dedicated Server, VPS Server, SSL Certificates, Website Security, WHMCS, SpamExperts, and much more.

We have got you covered with round the clock technical assistance and we make sure that all your issues get resolved at the earliest. You can get in touch with any of your queries related to our web hosting services via email or WhatsApp chat.


We offer an unconditional money-back guarantee. You can opt for a refund within the first 7 days of your purchase. Not only this, but we also give guaranteed uptime of 99.99%.