numenmail.com

Monday, July 28, 2008

DoS.Perl.Avirt

Aliases
DoS.Perl.Avirt (Kaspersky Lab) is also known as: Perl/Exploit.gen (McAfee), Hacktool.DoS (Symantec), Troj/AvirtDoS-A (Sophos), DoS:PERL/Avirt.A* (RAV), Unix/DoS.Avirt (FRISK), UNIX:Malware (ALWIL), DoS.Perl.Avirt (ClamAV), DoS Program (Panda), Perl/DoS.Avirt (Eset)

Technical details
This malicious program can be used to conduct DoS attacks on a remote server. The program itself is a script file written in Perl. The file is approximately 1400 bytes in size.

Payload
This script conducts a DoS attack on Avirt Mail Server version 3.5. The remote malicious user supplies the name of the host to be attacked and a user name. The access password is a string of 856 'A' characters.

Processing such a connection causes a buffer overrun, which can allow the attacker to execute arbitrary code on the victim system.
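
Detection example, added here and not part of the original description or of any vendor's tooling: the Python code below scans an authentication transcript for the pattern described above, an oversized password argument made of one repeated character. Assumptions: the service uses line-based USER/PASS commands (as POP3 does; the page does not name the protocol), the transcript line format is hypothetical, and the 255-byte limit and the function name are illustrative.

```python
import re
from collections import Counter

# Assumption: line-based protocol with USER/PASS commands (as in POP3).
# Hypothetical transcript format: "<source-ip> C: <VERB> <argument>"
CMD_RE = re.compile(r"^(?P<src>\S+)\s+C:\s+(?P<verb>USER|PASS)\s(?P<arg>.*)$",
                    re.IGNORECASE)
MAX_ARG_LEN = 255  # assumed policy limit, far below the 856-byte password


def find_oversized_auth(lines, max_len=MAX_ARG_LEN):
    """Return one finding per USER/PASS argument longer than max_len."""
    findings = []
    last_user = {}  # source address -> most recent sane USER argument
    for lineno, line in enumerate(lines, 1):
        m = CMD_RE.match(line.rstrip("\r\n"))
        if not m:
            continue
        src, verb, arg = m["src"], m["verb"].upper(), m["arg"]
        if verb == "USER" and len(arg) <= max_len:
            last_user[src] = arg
        if len(arg) > max_len:
            top_char, top_count = Counter(arg).most_common(1)[0]
            findings.append({
                "line": lineno,
                "src": src,
                "verb": verb,
                "user": last_user.get(src),
                "length": len(arg),  # record the length, never the value
                # one repeated byte is typical of overflow padding
                "single_char_filler": top_count / len(arg) > 0.9,
                "filler_char": top_char,
            })
    return findings


# Constructed sample transcript (not real traffic); documentation IP ranges.
SAMPLE_LOG = [
    "192.0.2.10 C: USER alice",
    "192.0.2.10 C: PASS correct-horse",
    "198.51.100.7 C: USER bob",
    "198.51.100.7 C: PASS " + "A" * 856,
    "198.51.100.7 S: -ERR",
]

if __name__ == "__main__":
    for finding in find_oversized_auth(SAMPLE_LOG):
        print(finding)
```

The same length check can be enforced in front of the server, for example in a filtering proxy, so that oversized arguments are rejected before the vulnerable code parses them.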

Removal instructions
1. Delete the infected script file.
2. Perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
