DoS.Linux.IISuxor

Aliases
DoS.Linux.IISuxor (Kaspersky Lab) is also known as: Linux/Iisuxor (McAfee), Trojan Horse (Symantec), DDoS.IISAttack.15048 (Doctor Web), Linux/IISuxor (Sophos), DoS:Linux/IISuxor (RAV), ELF:IISuxor (ALWIL), DoS Program (Panda), Linux/DoS.IISuxor (Eset)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Linux ELF file. It is 15 048 bytes in size. It is written in C++.

Payload

The program exploits a buffer overflow vulnerability when incoming data is processed by Microsoft IIS HTTP server in order to conduct a DoS attack on the remote machine. The address of the computer and the server's working directory are designated by the remote malicious user as a inbound parameter when launching the malicious program.

This malicious program may cause the server under attack to suffer reduced performance in supporting network connections.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).