Aspegic
Verified User
Joined: Aug 4, 2005
Messages: 282
Today I got a virus warning from Norton Antivirus. A file was infected with the Hacktool.Flooder virus. The file turned out to be inside one of the user-backup files I was downloading from my DA server to my local PC.
The backup file I was downloading was from a user who is running a Joomla website. In his /images folder is a hidden subdirectory named .kin
Inside this folder are a bunch of files, one of which is named xh which was the infected file.
Using Google I found several references to the Hacktool.Flooder virus but none of them were very useful. They only mention the virus but don't explain much about what it does.
Oddly, all removal instructions are for Windows, not Linux, so maybe it isn't even written for Linux, but then what purpose could it have on a Linux server?
I have contacted my client but he has no idea how it could have ended up on his website.
There are also several other files inside the .kin folder, a couple have the word Kelpiebot in the filename. But a Google search for Kelpiebot did not turn up any results.
Another file is called eggdrop and Googling for this word returned a couple of results indicating that it may have something to do with IRC.
All the files in the .kin folder have a user/group ownership of apache/apache so I assume they were uploaded through his website (although I cannot be sure about that).
Does anyone have more information about this Hacktool.Flooder virus?
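An added example, not part of the original post: a sketch of a check that walks a site's document root and flags files matching the pattern described above (inside a hidden directory, executable, or an ELF binary, with web-server ownership recorded as supporting evidence). The function names `scan_webroot` and `demo`, the UID passed in, and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of a Linux executable

def scan_webroot(root, web_uid):
    """Return sorted (relative_path, reasons) for files out of place in a web root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        # True when any path component below the root starts with a dot (e.g. ".kin")
        hidden = any(p.startswith(".") for p in rel.split(os.sep) if p not in (".", ".."))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = []
            if hidden:
                reasons.append("inside hidden directory")
            if st.st_uid == web_uid:
                reasons.append("owned by web server user")
            if st.st_mode & 0o111:
                reasons.append("executable bit set")
            try:
                with open(path, "rb") as fh:
                    if fh.read(4) == ELF_MAGIC:
                        reasons.append("ELF binary")
            except OSError:
                pass
            # Ownership alone is normal for uploaded images; require a stronger signal.
            if any(r != "owned by web server user" for r in reasons):
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

def demo():
    """Scan a constructed tree shaped like the one in the post (no real sample used)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images", ".kin"))
        with open(os.path.join(root, "images", "logo.png"), "wb") as fh:
            fh.write(b"\x89PNG\r\n\x1a\n")        # ordinary upload, should not be flagged
        xh = os.path.join(root, "images", ".kin", "xh")
        with open(xh, "wb") as fh:
            fh.write(ELF_MAGIC + b"\x00" * 12)     # constructed stand-in bytes
        os.chmod(xh, 0o755)
        return scan_webroot(root, os.getuid())     # current UID stands in for apache
```

On a real server, pass the document root and the UID of the web server account (apache in the post) instead of the constructed values used in `demo`.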