| Virus Name: | Linux.DDoS-Kaiten |
| Variants/Aliases: | Linux/DDoS-Kaiten |
| Virus Type: | Denial of Service Trojan |
| Risk Assessment: | Low |
| Minimum DAT required: (NAI/NAV) | 4227/not known at time of discovery |
| Virus Characteristics: | This Linux trojan is carried by a new version of the Slapper worm. It tries to connect to the IRC server irc.zyclonicz.net, channel #devnull. Associated string: "NOTICE %s :Kaiten wa goraku". It can conduct various denial of service attacks based on commands typed in the IRC channel. It can also execute arbitrary commands that are typed into the IRC channel. |
| Symptoms: | Computer connected to this IRC channel. |
| Method of Infection: | It is installed by a variant of Linux/Slapper, which itself is installed by an OpenSSH exploit. |
| Removal Instructions: | Detection is included in the specified DAT release. In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used. Delete files identified by the scanner, replace them with clean ones from backup or re-install them using the original packages. Reboot the system. |
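
The network symptom described above (a host connected to this IRC server and channel) can be checked against captured IRC session text. The following is an added example, not part of the original entry or any vendor tooling; the function names and the sample sessions are constructed for illustration, and only the server name, channel and NOTICE text come from the entry.

```python
import re

# Indicators taken from the entry above.
C2_HOST = "irc.zyclonicz.net"
C2_CHANNEL = "#devnull"
NOTICE_TEXT = "Kaiten wa goraku"

# IRC line layout: [":" prefix " "] command [" " params] [" :" trailing]
IRC_LINE = re.compile(
    r"^(?::(?P<prefix>\S+) )?(?P<cmd>[A-Za-z]+|\d{3})(?P<rest>(?: .*)?)$")

def parse_irc(line):
    """Split one IRC protocol line into (prefix, command, params)."""
    m = IRC_LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    head, sep, trailing = m.group("rest").partition(" :")
    params = head.split()
    if sep:                      # trailing parameter may contain spaces
        params.append(trailing)
    return m.group("prefix"), m.group("cmd").upper(), params

def kaiten_indicators(server, lines):
    """Return which of the entry's indicators appear in one IRC session."""
    hits = set()
    if server.lower().rstrip(".") == C2_HOST:
        hits.add("server")
    for line in lines:
        msg = parse_irc(line)
        if msg is None:
            continue
        _, cmd, params = msg
        if cmd == "JOIN" and params:
            if C2_CHANNEL in [c.lower() for c in params[0].split(",")]:
                hits.add("channel")
        elif cmd == "NOTICE" and len(params) >= 2 and NOTICE_TEXT in params[-1]:
            hits.add("notice")
    return hits

def is_suspect(hits):
    # A channel name on its own is weak evidence; require it together with
    # the server name, or the NOTICE text by itself.
    return "notice" in hits or {"server", "channel"} <= hits

# Constructed sample sessions: source host -> (server name, client lines).
SESSIONS = {
    "192.0.2.5": (C2_HOST, ["NICK ABCDEF", "JOIN #devnull",
                            "NOTICE someone :Kaiten wa goraku"]),
    "192.0.2.9": ("irc.example.org", ["NICK alice", "JOIN #devnull,#linux"]),
}
SUSPECTS = sorted(h for h, s in SESSIONS.items()
                  if is_suspect(kaiten_indicators(*s)))
```

Hosts flagged this way still need the on-disk cleanup described under Removal Instructions; the check only narrows down which machines to scan.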