Section 19.15 Finding the mstream Trojan

   



The following find command will find candidate executables that might be the mstream DDoS Trojan:[2]

[2] Thanks to Internet Security Systems, Inc., for providing information on mstream detection.

 
 find / ! -fstype proc -type f -print0 | xargs -0 grep -l newserver

This might generate a false positive on /usr/bin/xchat. For each suspected binary, the following prints the file name if the file very likely is mstream, whether it is the mstream master controller or a zombie:

 
 strings file | grep -q pong && echo file
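
The two checks above can be combined into one pass. This is an added example, not code from the book; the function name scan_mstream and the LIKELY/CANDIDATE labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): both mstream checks in one pass.
# Stage 1: file contains "newserver"  -> CANDIDATE (may be a false positive).
# Stage 2: its strings contain "pong" -> LIKELY master controller or zombie.
# scan_mstream is a hypothetical helper name. Usage: scan_mstream /

scan_mstream() {
    root=${1:-/}
    # -exec ... {} + hands file names to the inner shell as arguments, so
    # names containing spaces or newlines are never split or re-parsed.
    find "$root" ! -fstype proc -type f -exec sh -c '
        for f do
            grep -q newserver "$f" 2>/dev/null || continue
            verdict=CANDIDATE
            if command -v strings >/dev/null 2>&1; then
                strings "$f" 2>/dev/null | grep -q pong && verdict=LIKELY
            else
                # Assumption: without binutils, read the binary as text
                # using GNU grep -a instead of strings.
                grep -aq pong "$f" 2>/dev/null && verdict=LIKELY
            fi
            printf "%s\t%s\n" "$verdict" "$f"
        done
    ' sh {} +
}
```

A file reported only as CANDIDATE matched "newserver" but not "pong", which is the pattern expected for a false positive such as /usr/bin/xchat.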

       


    Real World Linux Security Prentice Hall Ptr Open Source Technology Series
    Year: 2002
    Pages: 260
