| Description:
|
Details
Linux.Winter
This is a harmless non-memory resident parasitic Linux virus. It is extremely small in size for a Linux virus - just 341 bytes (in the known virus version).
When an infected file is run, the virus gains control, searches for ELF files (Linux executable files) in the current directory, then writes itself to the middle of the file to the non-used "Notes section" if there is one and it has enough size. While infecting, the virus overwrites "Notes" data in the section, but the program runs properly after that.
The virus contains the text string:
LoTek by Wintermute
The virus has a routine that sets a host name (computer name) to "Wintermute", but this routine never gains control. |
