Class DoS
Platform Perl

Technical Details

This malicious program is designed to conduct Denial of Service attacks on a remote server. The program itself is a malicious script written in Perl. It is 7747 bytes in size.


The program exploits a buffer overflow vulnerability in processing incoming data in order to conduct a DoS attack on the remote machine.

Its functionality makes it possible to attack the following servers:

  • Avirt Mail Server v3.5
  • BFTelnet Server v1.1
  • BisonWare FTP Server v3.5
  • Broker FTP Server v3.5
  • Cmail SMTP Server v2.4
  • ExpressFS FTP server v2.x
  • G6 FTP Server v2.0 beta4/5
  • MDaemon httpd Server v2.8.5.0
  • PakMail SMTP/POP3 v1.25
  • Vermillion FTP Server v1.23
  • WFTPD FTP Server 2.40
  • XtraMail POP3 Server v1.11
  • ZetaMail POP3 Server v2.1

The remote malicious user is required to provide the address, type of server to be attacked and authorization parameters on program launch.

The malicious script may cause the server under attack to suffer reduced performance in supporting network connections.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
  2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
Find out the statistics of the threats spreading in your region