UNIX_REFDOS.A

 Analysis by: Adrian Cofreros

 ALIASES:

DoS.Linux.Small.e(Kaspersky)

 PLATFORM:

Linux/Unix

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user.

It does not have any propagation routine.

It does not have any backdoor routine.

  TECHNICAL DETAILS

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be manually installed by a user.

Propagation

This Trojan does not have any propagation routine.

Backdoor Routine

This Trojan does not have any backdoor routine.

NOTES:

It does reflection DDoS attacks by providing a specific target, a list of servers for reflection, and time to perform it within seconds.

It uses random port for each list of servers.

The command line is the following:

  • {malware file path and file name} {target host} {file path containing list of server servers} {time to perform the reflection DDoS attacks (seconds)}

It does not have rootkit capabilities.

It does not exploit any vulnerability.

  SOLUTION

Minimum Scan Engine:

9.700

Scan your computer with your Trend Micro product to delete files detected as UNIX_REFDOS.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.