Security Incidents mailing list archives
.:: 14x :: Information :: New DDoS/Trojan ::.
From: nine () 14X NET (Erik Tayler)
Date: Tue, 13 Jun 2000 18:33:14 -0500
Recently I posted a message to incidents about a new DDoS/Trojan I had discovered. I hope you have all been reading replies to the post as they are very insightful. I just wanted to make a few closing comments about this, so the thread can dwindle away into nothingness, and people know what is happening.

1 - A few of the people that have been in contact with 14x Network Security have analyzed the DDoS agent, the official name for it is "Omega", keep an eye open for that.

2 - Be aware of files that you receive from outside sources, trusted or not. One of the greatest ways to put an end to this DDoS nonsense is to simply be aware. Omega disguises itself as in.identd [auth], a common and trusted service.

3 - I suggest that everyone that reads this should check their system for Omega, make sure your in.identd is legit.

4 - If someone sends Omega to you, contact the proper authorities, or let me know, nine () 14x net.

If you would like more information about Omega, please contact me.

Erik Tayler
14x Network Security
http://www.14x.net
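One way to act on the "make sure your in.identd is legit" advice, as an added example that is not part of the original post: flag any process that presents itself as identd while running from an unexpected executable. The trusted paths, the function names and the sample process records are assumptions constructed for illustration; the post does not say how Omega is installed or where it runs from.

```python
import os

# Assumption: locations where a legitimate identd binary is installed on this host.
TRUSTED_PATHS = {"/usr/sbin/in.identd", "/usr/sbin/identd"}
IDENTD_NAMES = {"in.identd", "identd"}

def claims_identd(argv0):
    """True if the displayed process name looks like identd, e.g. 'in.identd [auth]'."""
    parts = argv0.split()
    return bool(parts) and os.path.basename(parts[0]) in IDENTD_NAMES

def find_masquerades(procs, trusted=TRUSTED_PATHS):
    """procs: iterable of (pid, argv0, exe_path) tuples.
    Returns the records that present as identd but whose on-disk
    executable is not one of the trusted paths."""
    return [(pid, argv0, exe) for pid, argv0, exe in procs
            if claims_identd(argv0) and exe not in trusted]

def read_proc():
    """Collect (pid, argv0, exe) from Linux /proc. Run as root to see every
    process; entries that cannot be read (kernel threads, races) are skipped."""
    records = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                argv0 = f.read().split(b"\0")[0].decode(errors="replace")
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue
        records.append((int(pid), argv0, exe))
    return records

# Constructed sample records, not taken from a real host or from Omega itself.
SAMPLE = [
    (412, "in.identd", "/usr/sbin/in.identd"),            # expected daemon
    (977, "in.identd [auth]", "/tmp/.x/in.identd"),       # right name, wrong place
    (1033, "/usr/sbin/sshd", "/usr/sbin/sshd"),           # unrelated process
    (1500, "in.identd", "/usr/sbin/in.identd (deleted)"), # binary removed after start
]

if __name__ == "__main__":
    for pid, argv0, exe in find_masquerades(SAMPLE):  # swap in read_proc() on a live host
        print(f"suspicious: pid={pid} name={argv0!r} exe={exe}")
```

A process running from a trusted path can still be a replaced binary, so follow up by comparing that file against the checksum recorded by your package manager or a known-good baseline.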