[The following is a summary of the analysis of a binary captured in the honeypot apollo.honeyp.edu. This summary is based on information detailed in the file analysis.html.]

Sometime in 2002 a Honeynet system was compromised. Analysis of the remote control program that was installed on the system shows that a compromised system can be used to perform DoS attacks against other servers using:

1) DNS Smurf type attack (more details: http://www.cert.org/incident_notes/IN-2000-04.html)
2) SYN flood attack (more details: http://www.cert.org/advisories/CA-1996-21.html)

In addition, a remote attacker can use this executable to execute arbitrary commands on the compromised machine (e.g. deleting or changing files, installing more malicious software on the compromised host, etc.).

There is no evidence the attack was directed against this institution specifically; rather, this was a random intrusion designed simply to gain access to as many systems as possible. This incident is typical of IRC "war" related activity as described in CIAC document 2318, titled "IRC on Your Dime": http://ciac.llnl.gov/ciac/documents/CIAC-2318_IRC_On_Your_Dime.pdf

The system was taken out of service before the intruder was able to use any of the malicious functions contained in the program, which prevented any damage to other internal systems or to external entities.

The intruder used automated tools to install additional malicious software, which did significant damage to the system (in the form of replacement of original operating system programs and addition of malicious programs) in a very short period of time. This damage was so extensive that complete re-formatting and re-installation of all operating system programs would be necessary to ensure control was fully regained.

Evidence was preserved for any possible law enforcement activity.

The estimated cost of analysis of this incident (see "costs.txt" for full break-down) is $2876.20 +/- $421.18.