Security Alert - all PC Linux systems

A new Distributed Denial of Service (DDoS) tool has recently been discovered on compromised machines running the Linux operating system on PCs. The program attempts to hide itself on the compromised machine by masquerading as a system process. Communication to and from the tool uses NVP, a lesser-known protocol that, like UDP and TCP, runs over IP, and employs encryption to hide the information. The tool is capable of performing a number of Denial of Service (DoS) attacks against other machines. In addition, it will execute arbitrary commands on the compromised host.


The tool can be detected because it listens for NVP traffic on the compromised host. Also, since NVP is very rarely used, any NVP traffic to or from the host could be an indication that the tool is present. Furthermore, sudden changes in network performance (normal, extremely bad, normal again) at set intervals of time could be an indication that the tool is performing an attack.
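
One way to check a host for the listener described above, as an added example that is not part of the original alert. It assumes the alert's NVP is IANA IP protocol number 11 (NVP-II) and that the tool receives it through a raw socket, which Linux lists in /proc/net/raw; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: find raw sockets bound to IP protocol 11 (NVP-II).
NVP_PROTO_HEX=000B  # IANA protocol 11; assumed to be the alert's NVP

# Constructed sample of /proc/net/raw: one ICMP socket, one protocol-11 socket.
sample_raw_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18211 2 0000000000000000 0
  11: 00000000:000B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 40417 2 0000000000000000 0
EOF
}

# nvp_raw_inodes [FILE|-]: print the inode of every raw socket on protocol 11.
# For raw sockets the "port" half of local_address is the IP protocol number.
nvp_raw_inodes() {
    awk -v want="$NVP_PROTO_HEX" '
        NR > 1 {
            split($2, addr, ":")
            if (toupper(addr[2]) == want) print $10   # field 10 = inode
        }' "${1:-/proc/net/raw}"
}

# socket_owners INODE: show each process holding that socket (needs root).
# exe is the real binary; cmdline is what ps shows and can be forged.
socket_owners() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        printf 'pid=%s exe=%s cmdline=%s\n' "$pid" \
            "$(readlink "/proc/$pid/exe" 2>/dev/null)" \
            "$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
    done
}

nvp_scan() {
    for inode in $(nvp_raw_inodes); do
        echo "raw socket on IP protocol 11, inode $inode"
        socket_owners "$inode"
    done
}

# Scan the live host only when asked: sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then nvp_scan; fi
```

An empty result does not clear the host: software that already controls the machine can hide its sockets, so also watch for IP protocol 11 from a separate machine on the network. A cmdline that names a system process while exe points elsewhere matches the masquerading described in the alert.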

Countermeasures

As the machine where the tool is running has been compromised, it is possible that other malicious software is running on the machine. A simple reboot might stop the tool from running, but if you suspect that the tool is present on your system, contact your system administrator immediately.