Security Alert - all PC Linux systems
A new Distributed Denial of Service (DDoS) tool has recently been discovered
on compromised PCs running the Linux operating system.
This program attempts to hide itself on the compromised machine by masquerading
as a system process. Communication to and from the tool uses a protocol called
NVP (a lesser-known IP protocol like UDP or TCP) and employs encryption
to hide the information. This tool is capable of performing a number
of Denial of Service (DoS) attacks against other machines. In addition,
the DDoS tool will also execute arbitrary commands on the compromised host.
Detection
The tool can be detected as it listens for NVP traffic on the compromised
host. Also, since NVP is very rarely used, any sort of NVP traffic to and
from the host could be an indication that the tool is present. Furthermore,
any sudden changes in network performance (normal, extremely bad, normal again)
at set intervals could be an indication that the tool is performing
an attack.
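One way to run the first check on a Linux host, as an added example that is not part of the original alert. It assumes NVP means IANA IP protocol number 11 (NVP-II) and relies on /proc/net/raw listing each raw socket with its protocol number in the port field of local_address; the sample table and inode values are constructed.

```python
"""Flag raw sockets bound to IP protocol 11 (NVP-II) from /proc/net/raw."""
import os

NVP_PROTO = 11  # assumption: IANA protocol number for NVP-II, not stated in the alert

# Constructed sample in /proc/net/raw format: one ICMP socket, one NVP socket.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20481 2 0000000000000000 0
  11: 00000000:000B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 31337 2 0000000000000000 0
"""

def raw_sockets(text):
    """Yield (protocol, uid, inode) for every raw socket row in the table."""
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or ":" not in f[1]:      # ignore malformed rows
            continue
        # For raw sockets the "port" half of local_address is the IP protocol.
        yield int(f[1].rsplit(":", 1)[1], 16), int(f[7]), int(f[9])

def find_nvp_listeners(text, proto=NVP_PROTO):
    """Return [(uid, inode)] for raw sockets opened on the given protocol."""
    return [(uid, ino) for p, uid, ino in raw_sockets(text) if p == proto]

def owners_of(inode, proc="/proc"):
    """Map a socket inode to owning PIDs via /proc/<pid>/fd (needs root)."""
    target, pids = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:                          # process exited or no access
            continue
    return pids

if __name__ == "__main__":
    try:
        with open("/proc/net/raw") as fh:
            table, live = fh.read(), True
    except OSError:                              # not Linux: use the sample
        table, live = SAMPLE, False
    for uid, inode in find_nvp_listeners(table):
        pids = owners_of(inode) if live else []
        print(f"raw socket on IP protocol {NVP_PROTO}: uid={uid} inode={inode} pids={pids}")
```

Because the tool masquerades as a system process, compare the target of /proc/<pid>/exe for any reported PID against the name the process shows in the process list.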
Countermeasures
As the machine where the tool is running has been compromised, it is possible
that other malicious software is running on the machine. A simple reboot might
stop the tool from running, but if you suspect that the tool is present on
your system, contact your system administrator immediately.