Details
DDoS.Win32.Boxed.a

This is a DDoS (Distributed Denial of Service) Trojan. It conducts a SYN Flood attack on a number of servers in the bootcom.com doman. It works under Windows NT.
When launched, it creates a service named Secure transactions provider, which covertly starts each time the system boots up.
The service launches five threads, each of which sends TCP packets to one of the servers under attack at high frequency, with SYN flags set. This will cause the network to slow noticeably.

Related Posts

This entry was posted on Monday, September 18th, 2006 at 4:00 am and is filed under Virus Threats.