
Linux/DDoS-Ferlect

Type: Trojan
SubType: Denial Of Svc
Discovery Date: 08/18/2003
Length: 15,947 bytes
Minimum DAT: 4289 (08/27/2003)
Updated DAT: 4314 (01/14/2004)
Minimum Engine: 5.1.00
Description Added: 08/18/2003
Description Modified: 08/26/2003 2:11 AM (PT)
Risk Assessment: Corporate User: Low; Home User: Low


Characteristics

The entry for Linux/DDoS-Ferlect was added to cover a Linux binary file originally called "drdos". The malicious ELF binary has a file size of 15,947 bytes.

drdos v1.0 is a demonstration of distributed reflection denial-of-service attacks. By default it uses port 80, but another port may be specified.

The binary was compiled on a Red Hat Linux 8.0 system. Because Linux/UNIX ELF binaries are very specific to a given flavor and kernel version, it might not work on other operating systems or versions. Nevertheless, other Linux/UNIX systems might be the target of the attack.

Symptoms

  • Presence of an ELF binary file called drdos, 15,947 bytes.
  • Unusual traffic on port 80 (default) or others.
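
A host triage sketch for the first symptom, added here as an example and not part of the vendor write-up. It treats the file name as a weak indicator (a file is trivially renamed) and grades candidates by the listed length plus the ELF magic bytes; the function names `is_elf` and `scan_ferlect` are made up for this example.

```shell
#!/bin/sh
# Added triage example (not vendor code). Indicators taken from the write-up:
# file name "drdos", length 15,947 bytes, ELF format.
FERLECT_SIZE=15947

# is_elf FILE: succeed if FILE starts with the ELF magic 0x7f 'E' 'L' 'F'.
is_elf() {
    magic=$(dd if="$1" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# scan_ferlect DIR: print one line per candidate found under DIR.
#   HIGH   = ELF, exact length, and still named drdos
#   MEDIUM = ELF and exact length, but under another name
#   LOW    = named drdos, but length or format differs
# Usage: scan_ferlect /tmp
scan_ferlect() {
    find "$1" -xdev -type f \( -name drdos -o -size "${FERLECT_SIZE}c" \) 2>/dev/null |
    while IFS= read -r f; do
        size=$(wc -c < "$f" | tr -d ' ')
        name=$(basename "$f")
        if [ "$size" = "$FERLECT_SIZE" ] && is_elf "$f"; then
            if [ "$name" = "drdos" ]; then
                echo "HIGH $f"
            else
                echo "MEDIUM $f"
            fi
        elif [ "$name" = "drdos" ]; then
            echo "LOW $f"
        fi
    done
}
```

A length-and-format match is a lead for the scanner to confirm, not a verdict: unrelated ELF files can share the same size.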

Method of Infection

Target systems might receive DoS packets on port 80 (default), but other ports may be specified as well.

Removal

Detection is included in the specified DAT release.

In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.

Delete the files identified by the scanner, then replace them with clean copies from backup or reinstall them from the original packages. Reboot the system.

Administrators should regularly check for availability of important security updates/patches.

Recommended links:

Caldera

Debian

FreeBSD

Redhat

Sun

SuSe

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • DDoS.Linux.Reflect (Kaspersky)
  • ELF_FERLECT.A (Trend)
