honeynet reverse challenge

Summary

Honeypot University
Security Incident 0001 - SUMMARY
May 31, 2002
netsecurity@honeyp.edu

We recently discovered a malicious executable file on our computer system. This file was left on a machine which had been compromised through other means -- means which are undetermined at this point. The executable file was intended to give a remote user the capability of launching attacks on other computer systems through the Internet. Using a host computer (like ours) for this purpose provides two benefits to an aspiring mischief maker:

  1. Amplification: Attacking simultaneously from 1000 computers is more effective than attacking from a single computer.

  2. Identity obfuscation: It's more difficult to trace malicious activity to its source when that activity is perpetrated via unsuspecting "zombie" computers. Only the most feeble-minded bad guys launch massive attacks directly from computers overtly associated with them.

The malicious executable file has been removed and we have monitored the network communication channel used by this program in order to ensure its total annihilation. We anticipate no direct impact to our system's users as a result of this program's erstwhile presence on the network.