Перейти к содержимому

- - - - -

Doctor Web discovers Linux Trojan written in Rust

  • Please log in to reply
24 ответов в этой теме

#1 News Robot

News Robot

    Creator of the News

  • Dr.Web Staff
  • 7 962 Сообщений:

Отправлено 08 Сентябрь 2016 - 03:00

September 8, 2016

Doctor Web’s specialists have discovered a new Linux Trojan written in the Rust programming language. The Trojan has been named Linux.BackDoor.Irc.16.

Linux.BackDoor.Irc.16 is a typical backdoor program that executes commands issued by cybercriminals via the IRC (Internet Relay Chat) protocol. The Trojan connects to the public chat channel specified in its configuration and awaits its instructions.


The Trojan can execute just four commands. It can connect to a specified chat channel; send cybercriminals information about an infected computer; send cybercriminals data about the applications running in a system; and delete itself from an infected machine.

Unlike the majority of its counterparts, Linux.BackDoor.Irc.16 is written in Rust, a programming language whose creation was sponsored by Mozilla Research. Its first stable version was released in 2015. Linux.BackDoor.Irc.16 was designed to be a cross-platform Trojan—to make a version for Windows, for example, cybercriminals can just recompile this malware program. Doctor Web’s analysts believe that Linux.BackDoor.Irc.16 is, in fact, a prototype (Proof of Concept), because it cannot replicate itself, and the IRC channel used by the Trojan to receive commands from cybercriminals is not currently active.

The signature for Linux.BackDoor.Irc.16 is already in the Dr.Web for Linux database, and it is successfully detected and removed by Doctor Web Anti-virus products.

More about this Trojan

View the article

#2 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 14 Сентябрь 2016 - 20:10

News Robot is back again ? :D

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#3 sergeyko



  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 15 Сентябрь 2016 - 15:03

News Robot is back again ? :D

And it kindly asks you not to translate the news anymore, as it's afraid of loosing its job. 

Sergey Komarov
R&D www.drweb.com

#4 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 15 Сентябрь 2016 - 15:23


News Robot is back again ? :D

And it kindly asks you not to translate the news anymore, as it's afraid of loosing its job. 



but i guess it's turned off again dear Sergeyko :( and we don't know really for what purpose News Robot deactived , hope Admins let us know

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#5 sergeyko



  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 15 Сентябрь 2016 - 15:33



News Robot is back again ? :D

And it kindly asks you not to translate the news anymore, as it's afraid of loosing its job. 



but i guess it's turned off again dear Sergeyko :( and we don't know really for what purpose News Robot deactived , hope Admins let us know


There is no need to translate the news anyway! Don't be cruel to robots please. 

Sergey Komarov
R&D www.drweb.com

#6 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 15 Сентябрь 2016 - 15:45




News Robot is back again ? :D

And it kindly asks you not to translate the news anymore, as it's afraid of loosing its job. 



but i guess it's turned off again dear Sergeyko :( and we don't know really for what purpose News Robot deactived , hope Admins let us know


There is no need to translate the news anyway! Don't be cruel to robots please. 


well that's i cannot underestand Sergeyko :S why there is no need? if becuase we can reed them in the company's website too ! well Russians can do the same right? :D but they have Company news in forum also :S so still i insist we should have news in our forum till someone give me a really Compelling answer :unsure:

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#7 sergeyko



  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 15 Сентябрь 2016 - 16:41

How many users have read your translations? How many commented? 

Sergey Komarov
R&D www.drweb.com

#8 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 15 Сентябрь 2016 - 17:05

How many users have read your translations? How many commented? 


hmm you expect English Speakers come in this forum whilst almost 0 staffs are available in English Forum ? :D


if it's just about readers well this is normal ! very very very more normall than you and DrWeb Development, managers, admins thinks ! why? it's simple ! becuase since 2012 DrWeb attention to English Speakers and English forum Felled ! it really Decreased ! i mean it ! you can see that  in these two pics even in 2012 English Speakers and English forum was interested to news even more than own Russians users !








even now if you see users in english forum fell ! this is not their fault this is on DrWeb . no one knows why DrWeb care about Russians more than English Speakers while its a Global company not a local antivirus company in moscow ! or wherever for example saint petersburg :)


pics have words with you DrWeb ;) be better with us :D



“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#9 sergeyko



  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 15 Сентябрь 2016 - 18:08

Do you play WebIQMeter? 

Sergey Komarov
R&D www.drweb.com

#10 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 15 Сентябрь 2016 - 18:15

Do you play WebIQMeter? 


no. is that related to our discussion? :D

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#11 sergeyko



  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 15 Сентябрь 2016 - 18:26


Do you play WebIQMeter? 


no. is that related to our discussion? :D


Very much!

Sergey Komarov
R&D www.drweb.com

#12 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 15 Сентябрь 2016 - 18:32



Do you play WebIQMeter? 


no. is that related to our discussion? :D


Very much!



i don't think so :facepalm:

your'e trying to bypass the real problem here i think :D

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#13 sergeyko



  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 15 Сентябрь 2016 - 18:37

i don't think so

Bad for you. Playing WebIQMeter you could have earned drweb'ки - very nice artifacts, valuable in a way. But translating our news you don't earn neither those artifacts nor the users' attention. 


your'e trying to bypass the real problem here i think

Right, right. 

Sergey Komarov
R&D www.drweb.com

#14 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 15 Сентябрь 2016 - 18:41


i don't think so

Bad for you. Playing WebIQMeter you could have earned drweb'ки - very nice artifacts, valuable in a way. But translating our news you don't earn neither those artifacts nor the users' attention. 




your'e trying to bypass the real problem here i think

Right, right. 



that's it? :D i guess choosing you as a DrWeb Staff dear Sergey was a mistake from DrWeb :facepalm:
 you cannot help or even answer to users's questions no matter how much they are simple ! i remember last time also we have a discussion and your last answer was Ok! :D



Bad for you. Playing WebIQMeter you could have earned drweb'ки - very nice artifacts, valuable in a way. But translating our news you don't earn neither those artifacts nor the users' attention.''


i don't care about that at least now ! i just want an answer for my question ! :D why we cannot have more attention in DrWeb forum? you said we don't need to news and i ask another question ! finall answer was Right ! :D really ?!

Сообщение было изменено Mr.Pr: 15 Сентябрь 2016 - 18:44

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#15 sergeyko



  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 15 Сентябрь 2016 - 19:08

why we cannot have more attention in DrWeb forum?


Sergey Komarov
R&D www.drweb.com

#16 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 15 Сентябрь 2016 - 19:22


why we cannot have more attention in DrWeb forum?




English speakers?


look Sergey :D i'm not against DrWeb ok? your behavior is like .. i don't know but i feel i am talking against drweb ! if you want play i can continue to your game but this is not ok these are nothing but spam :D try to answer the question or let it go , you answer the questions with questions !

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#17 l.e.e.



  • Posters
  • 4 797 Сообщений:

Отправлено 21 Сентябрь 2016 - 18:38

Прикрепленный файл  mistake.png   10,19К   0 Скачано раз

who it yandex ?!  :)

Сиюминутное Ригпа бессущностно и ясно.


#18 l.e.e.



  • Posters
  • 4 797 Сообщений:

Отправлено 21 Сентябрь 2016 - 18:45



What is problem...

Сиюминутное Ригпа бессущностно и ясно.


#19 Mr.Pr



  • Posters
  • 270 Сообщений:

Отправлено 22 Сентябрь 2016 - 11:53




about that post you ask who it yandex? i don't know really if that is related to this topic i should say yandex is a Russian company and as i know it's a company like Google . :D


about the links. Thank You i saw them before, But news in Company's website are available in Russian Language too! but still news robot is active in Russian forum :D really is something wrong with English forum ? if it is, so DrWeb can let us know once for ever :D


of course Best Regards,


“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov


DrWeb Gallery for your Avatars: Click

My Telegram ID: @OParham


Best Regards,


#20 l.e.e.



  • Posters
  • 4 797 Сообщений:

Отправлено 23 Сентябрь 2016 - 23:40

really is something wrong with English forum ? if it is, so DrWeb can let us know once for ever

sanctions, sir  :lol:

Сиюминутное Ригпа бессущностно и ясно.


Читают тему: 0

0 пользователей, 0 гостей, 0 скрытых