Malware type: Elf Executable

Aliases: BLITZ, DoS.Linux.Blitz

In the wild: No

Destructive: No

Language: English

Platform: Unix

Encrypted: No

Overall risk rating:

This is a Denial of Service (DoS) attack written for a Unix platform. It requires a source and destination IP to flood with data. Attacked computers usually hang and crash.

For additional information about this threat, see:

Description created: Nov. 6, 2000 12:09:32 PM GMT -0800


Size of malware: 8,268 Bytes

Initial samples received on: Jul 5, 2000

Payload 1: Hangs System

This program prompts for a source and a destination IP. It checks if the source is set to zero so that it randomizes an IP. Otherwise, it uses the IP its user provides. It then sends out TCP connection request to a target system, which is usually a Web server or a SMTP server that a remote user attacks/floods. The source system receives the TCP connection request from the target host.

When the target system responds to the TCP connection request and the source system IP is invalid or randomized, the target does not get a connection established. Instead, it continues to attempt connection and opens a process with every attempt. It does not close all the active connections so that the target system slows down, or hangs or even crashes.

This type of DoS is called a SYN flood.


Minimum scan engine version needed: 5.170

Pattern file needed: 0.740.00

Pattern release date: Jul 11, 2000

Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.


Scan your system with Trend Micro antivirus and delete all files detected as ELF_BLITZ. To do this, Trend Micro customers must download the latest pattern file and scan their system.

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.