Linux/Typot

Analysis

  • Trojan is an ELF binary and may have been created on a Mandrake Linux system – one variant of the Trojan is 116,580 bytes while another is 456,321 bytes
  • Trojan may be installed onto Linux systems by a hacker or group of hackers as the folder and file “tmp/…/a”
  • Trojan runs memory-resident, performing frequent and persistent scans across the Internet by sending SYN packets with a TCP window size of 55808 and a packet size of 44 bytes – the target IP addresses are chosen using a randomizing technique
  • Trojan is believed to be mapping IP addresses in a possible precursor to another attack
  • Trojan periodically checks for Internet connectivity by attempting to locate the IP address 12.108.65.76 – this IP address does not appear to be associated with the Trojan in any other way
  • Trojan contains the strings “XegypT” and “Typot” in its body
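
The scan signature above (bare SYN, TCP window 55808, 44-byte packet) is what a network defender can key on. The following is an added example, not part of the original analysis: a small Python detector run over constructed packet records (the CSV layout, field names and addresses are assumptions), which groups matching SYNs by source and separately lists hosts that contacted the connectivity-check address 12.108.65.76 as a corroborating signal.

```python
import csv
import io

# Constructed sample records (not from the original page), one packet per line.
# pkt_len is the total packet length in bytes; flags uses tcpdump-style letters.
SAMPLE_LOG = """ts,src,dst,flags,win,pkt_len
1,10.0.0.5,203.0.113.9,S,55808,44
2,10.0.0.5,198.51.100.22,S,55808,44
3,10.0.0.5,192.0.2.77,S,55808,44
4,10.0.0.8,203.0.113.9,S,65535,60
5,10.0.0.5,12.108.65.76,S,55808,44
6,10.0.0.9,203.0.113.9,SA,55808,52
"""

# Values taken from the analysis above.
TYPOT_WINDOW = 55808
TYPOT_PKT_LEN = 44
CONNECTIVITY_CHECK_IP = "12.108.65.76"


def parse_records(text):
    """Parse the CSV capture summary into a list of dicts with numeric fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["win"] = int(row["win"])
        row["pkt_len"] = int(row["pkt_len"])
        rows.append(row)
    return rows


def is_typot_syn(rec):
    """True for a bare SYN (no ACK) carrying the Typot window and packet size."""
    return (rec["flags"] == "S"
            and rec["win"] == TYPOT_WINDOW
            and rec["pkt_len"] == TYPOT_PKT_LEN)


def find_scanners(records, min_distinct_targets=3):
    """Map each source to the sorted distinct targets it probed with the signature.
    Only sources that hit at least min_distinct_targets addresses are reported,
    which keeps a single stray packet from raising an alert."""
    targets = {}
    for rec in records:
        if is_typot_syn(rec):
            targets.setdefault(rec["src"], set()).add(rec["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_distinct_targets}


def connectivity_check_hosts(records):
    """Sources that contacted the connectivity-check address (corroborating signal)."""
    return sorted({rec["src"] for rec in records if rec["dst"] == CONNECTIVITY_CHECK_IP})
```

On real traffic the CSV would be produced from a capture tool's summary export; the window and length checks are the same.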
