|
| |
|
Malware Description Search |
|
|
| | |
|
|
| |
Home / Viruses / Virus Encyclopedia / Malware Descriptions / Classic Viruses / File and Boot Viruses
Virus.Linux.Winter.341
Virus.Linux.Winter.341 (Kaspersky Lab)
is also known as:
Linux.Winter.341 (Kaspersky Lab),
Linux/Winter.341 (McAfee), Linux.Lotek (Symantec), Linux.Wintermute.341 (Doctor Web), Linux/Winter (RAV), ELF_WINTER (Trend Micro), Linux/Winter.341 (H+BEDV), Unix/Winter.A (FRISK), ELF:Lotek-341 (ALWIL), Linux/Winter.341 (Panda), Linux/Winter.341 (Eset)
| Description added |
Oct 24 2000 |
| Behavior |
Virus |
This is a harmless non-memory resident parasitic Linux virus. It is extremely
small in size for a Linux virus - just 341 bytes (in the known virus version).
When an infected file is run, the virus gains control, searches for ELF files
(Linux executable files) in the current directory, then writes itself to the
middle of the file to the non-used "Notes section" if there is one and it has
enough size. While infecting, the virus overwrites "Notes" data in the section,
but the program runs properly after that.
The virus contains the text string:
LoTek by Wintermute
The virus has a routine that sets a host name (computer name) to "Wintermute",
but this routine never gains control.
| | |
|
