Security Alert - all PC Linux systems
A new Distributed Denial of Service (DDoS) tool has recently been
discovered on compromised machines running the Linux operating
system on PC computers. This program attempts to hide itself
of the compromised machine by masquerading as a system process.
Communication to and from the tool uses a protocol called NVP (a
lesser known IP protocol like UDP or TCP) and employs
encryption to hide the information. This tool is capable of
performing a number of Denial of Service (DoS) attacks against
other machines. In addition, the DDoS tool will also execute
arbitrary commands on the compromised host.
Detection
The tool can be detected as it listens for NVP traffic on the
compromised host. Also, since NVP is very rarely used, any sort of
NVP traffic to and from the host could be an indication that the
tool is present. Furthermore, any sudden changes in network
performance (normal, extremely bad, normal again) in set intervals
of time could be an indication that the tool is performing an
attack.
Counter measures
As the machine where the tool is running has been compromised, it
is possible that other malicious software is running on the
machine. A simple reboot might stop the tool from running, but if
you suspect that the tool is present on your system, contact your
system administrator immediately.