| Detected | May 19 2004 13:54 GMT |
| Released | May 19 2004 13:54 GMT |
| Published | May 20 2004 07:54 GMT |
This is a DDoS (Distributed Denial of Service) Trojan. It conducts a SYN flood attack on a number of servers in the bootcom.com domain. It works under Windows NT.
When launched, it creates a service named "Secure transactions provider", which starts covertly each time the system boots.
The service launches five threads, each of which sends TCP packets with the SYN flag set to one of the servers under attack at high frequency. This will noticeably slow the network.
This type of malicious program is designed to conduct a DoS attack from an infected computer on a pre-defined address.
Essentially, a DoS attack involves sending numerous requests to the victim machine; this leads to a denial of service if the computer under attack does not have sufficient resources to process all the incoming requests.
To conduct a successful DoS attack, malicious users often infect a number of computers with this type of Trojan in advance (for example, as part of a mass spam mailing). As a result, all the infected computers will attack the victim machine.
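An added example (not part of the original entry): one way to spot a host behaving as described above, sending bare SYN packets at high frequency without completing handshakes, from tcpdump-style text output. The capture lines, the `10.0.0.` local prefix and both thresholds are constructed assumptions to tune for a real network.

```python
import re
from collections import defaultdict

# tcpdump-style text line: time, "IP", src.port > dst.port, TCP flags.
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(\d+\.\d+\.\d+\.\d+)\.\d+: Flags \[([^\]]+)\]"
)

def find_syn_flooders(lines, local_net="10.0.0.", min_syn_per_sec=100, max_ack_ratio=0.1):
    """Flag local hosts with a high bare-SYN rate and few completed handshakes."""
    syn_per_sec = defaultdict(lambda: defaultdict(int))  # src -> second -> SYNs
    syn_total, ack_total = defaultdict(int), defaultdict(int)
    targets = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed or non-TCP line
        hh, mm, ss, src, dst, flags = m.groups()
        if not src.startswith(local_net):
            continue  # only traffic sent by monitored hosts
        if flags == "S":  # bare SYN opens a handshake
            syn_per_sec[src][int(hh) * 3600 + int(mm) * 60 + int(ss)] += 1
            syn_total[src] += 1
            targets[src].add(dst)
        elif flags == ".":  # bare ACK: handshake completed or data acknowledged
            ack_total[src] += 1
    findings = {}
    for src, buckets in syn_per_sec.items():
        peak, ratio = max(buckets.values()), ack_total[src] / syn_total[src]
        if peak >= min_syn_per_sec and ratio <= max_ack_ratio:
            findings[src] = {"peak_syn_per_sec": peak, "ack_ratio": ratio,
                             "targets": sorted(targets[src])}
    return findings

def constructed_capture():
    """Constructed sample: 10.0.0.5 floods five servers, 10.0.0.9 browses."""
    def pkt(ts, src, dst, flags):
        return f"{ts} IP {src} > {dst}: Flags [{flags}], win 16384, length 0"
    lines = [pkt(f"13:54:01.{i:06d}", f"10.0.0.5.{1024 + i}",
                 f"192.0.2.{10 + i % 5}.80", "S") for i in range(500)]
    for i in range(3):  # normal client: SYN, then the ACK that completes it
        src = f"10.0.0.9.{2000 + i}"
        lines.append(pkt(f"13:54:0{i}.100000", src, "198.51.100.7.80", "S"))
        lines.append(pkt(f"13:54:0{i}.100900", src, "198.51.100.7.80", "."))
    return lines

if __name__ == "__main__":
    print(find_syn_flooders(constructed_capture()))
```

The ACK-ratio check keeps a busy but legitimate client from being flagged on SYN rate alone; a finding is a reason to inspect the host's installed services, not proof of infection.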