
What is Kaiten? Virus?

Posted: Tue Sep 20, 2016 8:03 pm
by Ninjafishleg
Recently, my Pi CPU usage has been locked at about 95% constantly, despite the fact that I'm only running a small-ish Python script. After a quick top command, I found that a programme called "kaiten" was using 90% of the CPU. After killing kaiten, everything seems to work fine and the CPU usage drops down to where it should be. A Google search would suggest that Kaiten is a Trojan. How should I go about removing this and how worried should I be?
P.S. The Pi is also running as a server.
P.P.S. The Kaiten programme was running under root. :shock:

Re: What is Kaiten? Virus?

Posted: Tue Sep 20, 2016 8:09 pm
by jamesh
Re-image the SD card, or get a new one.

(i.e. Nuke it from orbit, it's the only way to be sure)

Re: What is Kaiten? Virus?

Posted: Tue Sep 20, 2016 8:26 pm
by Heater
Where did you get your SD card image from?

According to Symantec:

"The Trojan must be manually installed and executed by the user"

So either you have done this or your SD card provider has.

https://www.symantec.com/security_respo ... 18-2341-99

Re: What is Kaiten? Virus?

Posted: Tue Sep 20, 2016 9:06 pm
by DougieLawson
Heater wrote: Where did you get your SD card image from?

According to Symantec:

"The Trojan must be manually installed and executed by the user"

So either you have done this or your SD card provider has.

https://www.symantec.com/security_respo ... 18-2341-99
Or the OP has opened a port to the public internet without hardening the security on the system. Userid=pi with password=raspberry and allowed to use sudo with no protection is a very simple infection vector.

Re: What is Kaiten? Virus?

Posted: Tue Sep 20, 2016 9:15 pm
by Heater
That would do it.

Re: What is Kaiten? Virus?

Posted: Wed Sep 21, 2016 3:44 pm
by allfox
Well, in Japanese kaiten (回転) means spinning, and it uses up CPU; it sounds like some kind of pressure test program to me.

Anyway, re-image would help.

Re: What is Kaiten? Virus?

Posted: Wed Sep 21, 2016 4:42 pm
by karrika
Some time ago there was this Shellshock vulnerability in bash. There were reports where the vulnerability downloaded the source code of kaiten and compiled it with gcc for the target platform.

http://www.lucadonettidontin.it/blog/sh ... urce-code/

The bad thing is that if Raspbian was not patched for Shellshock you could infect the Pi during the boot from the DHCP server.

The moral of the story: update security patches frequently.

Re: What is Kaiten? Virus?

Posted: Thu Sep 22, 2016 2:30 am
by Graymalk
Heh, I've always wondered what would get installed on my web-serving Pi if I ever let the constant onslaught of daily attacks succeed.