Re: Files used for DoS attack ?
From: James Grant (nospam_at_nospam.com)
Date: 06/30/03
- Next message: Duane Arnold: "Re: Zyxel, Prestige 312 - unsuccessful firmware upgrade"
- Previous message: Erik Miller: "Re: How to pass IPSEC through FW-1 4.1?"
- Maybe in reply to: Duane Arnold: "Re: Files used for DoS attack ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 30 Jun 2003 03:26:28 GMT
Peter Richards wrote:
>
> Hi,
>
> We have cause to think there is a DoS attack on a computer. Is there a
> list of files somewhere, that will help us find if this software is
> installed on a computer ?
>
> Some filenames I thought were associated with it are:
>
> W32.DoS.funtime
> Solaris.DoS.stacheld.c
> Solaris.DoS.stacheld.t
> Solaris.DoS.stacheld.m
> TFN
> TFN2K
> Trinoo
> Stacheldraht
> Zombie
> *duload*.*
> sysconfig.exe
>
> Last time this happened, the person created a folder called Media
> under the windows path, but I think that came from Kazaa ??
>
> Peter
>
> Peter Richards
> peter_j_richards@nospamplease.com
> (but use hotmail to email)
Yes, these files (except for sysconfig.exe, perhaps) are DoS files.
Symantec A/V detects them.
Check their website:
http://securityresponse.symantec.com/avcenter/venc/dyn/29948.html
Also, this link will be of interest:
http://www.swpark.or.th/discussion/discussion_detail.asp?group_id=5&discussion_id=23
(I'm not the "Mr. James")
James Grant
- Next message: Duane Arnold: "Re: Zyxel, Prestige 312 - unsuccessful firmware upgrade"
- Previous message: Erik Miller: "Re: How to pass IPSEC through FW-1 4.1?"
- Maybe in reply to: Duane Arnold: "Re: Files used for DoS attack ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
