Security Incidents mailing list archives

Re: ** New DDoS / Trojan **


From: nine () 14X NET (nine)
Date: Mon, 12 Jun 2000 11:33:18 -0400


This also runs on FreeBSD [other *BSDs I would suppose], just about every
Linux distro, and anything else with ELF support. When it contacts
208.139.192.34 [ns.netinfo.com] it is connecting itself as a leaf to the
main ddos hub which is the ip stated above. I will be making the usual
rounds to attempt to catch the one who is responsible for the creation and
distribution of this. The person who originally sent it to me will soon
[accidentally] give me more information about it, and I will report my
findings back to the forum.

Erik Tayler
14x Network Security
http://www.14x.net

On Mon, 12 Jun 2000, David Endler wrote:

This one seems to run on UNIX (specifically redhat linux
I've tried), forks in the background as in.inetd, attaches to
port 3001 and listens for incoming connections, then tries
to contact via tcp 208.139.192.34 (ns.netinfo.com) on port
23911 with the new victim's information.

-dave


David Endler
Senior Security Engineer
iDEFENSE Risk Management Services
6100 Lincolnia Road
Alexandria, VA 22312
voice: 703.914.4102
fax: 703.914.7100

dendler () idefense com
www.idefense.com



-----Original Message-----
From: nine [mailto:nine () 14X NET]
Sent: Saturday, June 10, 2000 2:12 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: ** New DDoS / Trojan **


Security professionals,

I recently talked to someone who was bragging that this is on [so-far]
thousands of computers world-wide. He says this is a leaf that connects to
a hub, similar to past ddos tools. This is new, and all or most of you
have never seen this before. Partners of 14x Network Security have been
looking this over, and tracking down the person responsible for the
attacks. We already know one person that is distributing it widely, and
are hoping to track it to the source.

I am releasing the binary to you all to look at, it would be interesting
to hear what you all think about it.

Erik Tayler
14x Network Security
http://www.14x.net
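As an added illustration of how a host can be checked against the behaviour David Endler reports above (this is example code written for this archive page, not anything posted in the thread): it parses a `netstat -tanp`-style listing and groups, per PID, the three indicators the thread gives, a listener on tcp/3001, a connection to 208.139.192.34:23911, and a process calling itself in.inetd. The sample listing, its PIDs and the `Finding` helper are constructed for the example and are not a real capture.

```python
import re
from dataclasses import dataclass, field

# Indicators as reported in the thread: leaf listener on tcp/3001, callback
# to the hub at 208.139.192.34:23911, process name disguised as in.inetd.
HUB_ADDR = ("208.139.192.34", 23911)
LEAF_PORT = 3001
DISGUISED_NAME = "in.inetd"

# Constructed `netstat -tanp`-style listing (not a real capture); PIDs are made up.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address    Foreign Address       State       PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*             LISTEN      500/sshd
tcp        0      0 0.0.0.0:3001     0.0.0.0:*             LISTEN      1234/in.inetd
tcp        0      0 10.0.0.5:41022   208.139.192.34:23911  ESTABLISHED 1234/in.inetd
"""
# One socket line: proto, queues, local ip:port, remote ip:port, state, pid/program.
_LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)\s+(\S+)\s+(\d+)/(\S+)")

@dataclass
class Finding:          # hypothetical helper type, not from the thread
    pid: int
    program: str
    reasons: set = field(default_factory=set)

def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid, program); '*' port -> None."""
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            lip, lport, rip, rport, state, pid, prog = m.groups()
            lport, rport = [None if p == "*" else int(p) for p in (lport, rport)]
            yield lip, lport, rip, rport, state, int(pid), prog

def find_leaf_indicators(netstat_text):
    """Group matching socket lines by PID. Any one indicator alone is a weak signal;
    a single PID showing all three matches the behaviour described in the thread."""
    by_pid = {}
    for lip, lport, rip, rport, state, pid, prog in parse_netstat(netstat_text):
        reasons = set()
        if state == "LISTEN" and lport == LEAF_PORT:
            reasons.add(f"listening on tcp/{LEAF_PORT}")
        if (rip, rport) == HUB_ADDR:
            reasons.add(f"connected to hub {rip}:{rport}")
        if prog == DISGUISED_NAME:
            reasons.add(f"process calls itself {DISGUISED_NAME}")
        if reasons:
            by_pid.setdefault(pid, Finding(pid, prog)).reasons |= reasons
    return sorted(by_pid.values(), key=lambda f: f.pid)
```

On a live host the same function can be fed the output of `netstat -tanp` run as root; a PID that shows only the port-3001 listener deserves a look at its binary before any conclusion is drawn.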


