Trojan-Spy.Linux.Logftp

Class Trojan-Spy
Platform Linux
Description

Technical Details

This Trojan is a standard Berkley ftp client compiled on Mandrake Linux 9.1,
with a twist: it logs all hosts, usernames and passwords used to connect to ftp
sites to a file named /tmp/.tmp, in the following format:

Host: %ftp name%
Login: %login%
Pass: %password%

Different connection logins are appended to /tmp/.tmp, and the file
/tmp/.tmp will contain all the ftp logins the hacked user makes.

The hacker may later harvest this data and gain access to all ftp servers/sites the infected client connected to.