ELF_DNSAMP.B

 Analysis by: Homer Pacag

 ALIASES:

Backdoor.Spikeddos (Symantec); Trojan.Linux.DDoS (Ikarus);

 PLATFORM:

Linux

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It performs denial of service (DoS) attacks on affected systems using specific flooding method(s).

  TECHNICAL DETAILS

File Size:

204748 bytes

File Type:

ELF

Initial Samples Received Date:

04 Jun 2015

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan drops the following copies of itself into the affected system and executes them:

  • /etc/.misys

Denial of Service (DoS) Attack

This Trojan performs denial of service (DoS) attacks on affected systems using the following flooding method(s):

  • UDP Flood
  • DNS Flood
  • SYN Flood
  • GET Flood
  • ICMP Flood