Increased network activity.
Please let BitDefender disinfect your files.
Daniel RADU, Virus Researcher
This malware usually comes in the form of a disk image posing as a key generator/crack for various applications, or as a video codec needed to view videos online.
Once mounted, the image shows an install package.
The install package contains the following files:
The package contains three files which are of interest:
* Archive.pax.gz (which contains two files: AdobeFlash )
* preinstall
are exactly the same file (bash script)
Once executed, the script drops a file using the uudecode command (http://en.wikipedia.org/wiki/Uudecode).
The dropped file is another shell script, which installs a crontab entry (similar to a scheduled job/task under Windows) that looks for new files to download every 5 minutes.
This is done through another file dropped using uudecode; in this case the file is a perl script which does the actual downloading and executing of the new malware.
At the time of this analysis the host used to download other malware files is no longer available.
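For triage, the layering described above (a bash script that uudecodes a shell script, which registers a 5-minute crontab entry and uudecodes a perl script) can be unpacked statically, without executing any stage. The Python code below is an added example, not part of the original analysis; the sample data, the stage names and the /tmp/placeholder_job path are constructed for illustration.

```python
import binascii
import re

UU_BLOCK = re.compile(r"^begin ([0-7]{3,4}) (\S+)\n(.*?)^end$", re.M | re.S)
# Cron schedule that fires every 5 minutes, the interval described above.
CRON_5MIN = re.compile(r"\*/5(?:[ \t]+\*){4}[ \t]+([^\s\"']+)")
MAX_DEPTH = 5  # stop on pathological nesting

def uu_decode(body):
    """Decode the lines between 'begin' and 'end' without running anything."""
    return b"".join(binascii.a2b_uu(l) for l in body.splitlines() if l.strip())

def unpack(text, name="preinstall", depth=0):
    """Return (depth, name, interpreter, cron_commands) for each layer."""
    first = text.split("\n", 1)[0]
    interp = first[2:].strip() if first.startswith("#!") else "unknown"
    layers = [(depth, name, interp, CRON_5MIN.findall(text))]
    if depth < MAX_DEPTH:
        for m in UU_BLOCK.finditer(text):
            try:
                inner = uu_decode(m.group(3)).decode("latin-1")
            except binascii.Error:
                continue  # malformed block: leave it for manual review
            layers += unpack(inner, m.group(2), depth + 1)
    return layers

def uu_encode(name, data):
    """Helper used only to build the constructed sample below."""
    rows = [binascii.b2a_uu(data[i:i + 45], backtick=True).decode()
            for i in range(0, len(data), 45)]
    return f"begin 644 {name}\n{''.join(rows)}`\nend\n"

# Constructed, inert sample with the same layering (no download logic).
STAGE3 = b"#!/usr/bin/perl\n# constructed placeholder for the downloader\n"
STAGE2 = ("#!/bin/sh\n# constructed placeholder for the cron installer\n"
          "*/5 * * * * /tmp/placeholder_job\n" + uu_encode("stage3", STAGE3))
SAMPLE = "#!/bin/bash\n# constructed preinstall\n" + uu_encode("stage2", STAGE2.encode())

if __name__ == "__main__":
    for depth, name, interp, cron in unpack(SAMPLE):
        print("  " * depth + f"{name}: interpreter={interp} cron_5min={cron}")
```

On a real package, pass the text of the preinstall script to `unpack()`; any layer reporting a non-empty cron list, or a perl interpreter nested two levels down, matches the behaviour described here.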