The Reverse Challenge: Summary

CSIRT honeyp.edu MEMORANDUM MEM-2002-01

Security Incident Report

Date: Friday, May 31, 2002

Overview

In early May 2002, honeyp.edu CSIRT received a report from a site that had found a new distributed denial of service (DDoS) tool, which is being called "the-binary". The purpose of the tool is to enable attackers to use an Internet-connected system to launch denial of service attacks against one or more target systems. It also gives the attacker a backdoor to the compromised system, allowing complete remote control of it.

Communication to the media

Unfortunately, some of our systems have been involved in an attack on other companies, and the media has some information about it.

Employees should be aware that no communication with the media should take place other than that provided by our Press Office. If contacted directly by the media, employees should redirect them to our Press Office.

Our Press Office will express our willingness to collaborate with the authorities to investigate the incident, and we will provide them with any required data while preserving confidential business information.

Impact

A cost estimate of the incident shows a high economic impact. Action should be taken to avoid future incidents like this, since the countermeasures are more affordable than the impact.

The Security Department will start implementing the countermeasures immediately and report to the CIO. An advisory has been issued to help them.

Authors: G. Martin, J. Ortiz, D. Perez, R. Siles.

Honeyp.edu CSIRT Contact Information

Email: csirt@honeyp.edu

Phone: +1 000-000-0000 (24-hour hotline)

Fax: +1 000-000-0000

Postal address:

CSIRT-Honeyp.edu

Honeyp University

Nowhere 0000

EARTH

CSIRT-Honeyp.edu personnel answer the hotline 08:00-17:00 EST (GMT-5) / EDT (GMT-4) Monday through Friday; they are on call for emergencies during other hours, on holidays, and on weekends.