Summary

A system administrator investigating a security incident discovered a suspicious program on one of our Linux servers. Analysis of the binary showed that it was an attack tool serving both as a backdoor into the server on which it was installed and as a platform for launching denial of service attacks against other hosts on the internet. Its denial of service capabilities included flooding a target host directly with several different types of network traffic. The program could also attack a target indirectly by 'bouncing' traffic off other servers on the internet (a reflection attack: requests carrying the target's forged source address cause those servers to send their replies to the target). The program is designed to be controlled remotely by an attacker, who sends it specially encoded messages over the internet instructing it what to do.
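The two attack modes described above, direct flooding and 'bounced' traffic, leave different traces on the victim's network, and that difference is what a defender would look for. The following is an added example, not code from the advisory or from the analysed tool: it runs simple detection logic over constructed flow records, flagging hosts that receive replies from many servers they never queried (the signature of a reflection victim) and hosts receiving a large volume of request packets of mixed types (a direct flood). The record format, the thresholds and the sample addresses are assumptions made for the illustration.

```python
from collections import defaultdict
from typing import Dict, Iterable, Set, Tuple

# Assumed record shape (not from the advisory): (src_ip, dst_ip, proto, kind)
# where kind is "req" for a request/probe and "resp" for a reply. Anything that
# summarises packets this way (a flow export, a pcap walked with scapy) will do.
Flow = Tuple[str, str, str, str]

# Constructed sample traffic, not captured from the incident:
#  - 10.0.0.7 makes one DNS query and gets one answer (normal)
#  - 10.0.0.5 receives ICMP echo replies from four hosts it never pinged
#    (the 'bounced' traffic of a reflection attack)
#  - 10.0.0.8 is hit directly with 30 UDP and 20 TCP SYN packets from one source
SAMPLE_FLOWS: list = (
    [("10.0.0.7", "203.0.113.53", "udp/53", "req"),
     ("203.0.113.53", "10.0.0.7", "udp/53", "resp")]
    + [(f"198.51.100.{i}", "10.0.0.5", "icmp/echo", "resp") for i in range(1, 5)]
    + [("192.0.2.9", "10.0.0.8", "udp/0", "req") for _ in range(30)]
    + [("192.0.2.9", "10.0.0.8", "tcp/syn", "req") for _ in range(20)]
)


def find_unsolicited_responses(flows: Iterable[Flow], min_reflectors: int = 3) -> Dict[str, int]:
    """Reflection victims: hosts that receive replies from many servers they never
    sent a matching request to. Returns {victim: number_of_distinct_reflectors}."""
    flows = list(flows)
    requests: Set[Tuple[str, str, str]] = {
        (src, dst, proto) for src, dst, proto, kind in flows if kind == "req"
    }
    reflectors: Dict[str, Set[str]] = defaultdict(set)
    for src, dst, proto, kind in flows:
        # A reply is unsolicited if no request went the other way on the same protocol
        if kind == "resp" and (dst, src, proto) not in requests:
            reflectors[dst].add(src)
    return {v: len(s) for v, s in reflectors.items() if len(s) >= min_reflectors}


def find_direct_floods(flows: Iterable[Flow], threshold: int = 20) -> Dict[str, Dict[str, int]]:
    """Direct floods: destinations receiving at least `threshold` request packets.
    Returns {target: {proto: count}} so the mix of traffic types is visible."""
    per_target: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for src, dst, proto, kind in flows:
        if kind == "req":
            per_target[dst][proto] += 1
    return {
        t: dict(protos) for t, protos in per_target.items()
        if sum(protos.values()) >= threshold
    }


if __name__ == "__main__":
    print("reflection victims:", find_unsolicited_responses(SAMPLE_FLOWS))
    print("direct flood targets:", find_direct_floods(SAMPLE_FLOWS))
```

The thresholds here are arbitrary; in practice both checks are run per time window against a per-host baseline, and the reflection check is only meaningful at the victim's border, since the reflectors themselves see what looks like ordinary requests from the forged address.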

A more detailed advisory of the incident is available here.