Hello! There is ongoing DDOS attack against some websites in Russia, including http://www.peterhost.ru. It has begun at 21, January, and has increased over time. Actual flood is performed by little executables on "infected" computers. These .exe files lie at the root directory of the drive C of each computer. They vary in size, and are, in common, from 3072 to 5120 bytes in size. Some of names of these executables are: 666.exe rich.exe ric1.exe fich.exe tcpf.exe udpf.exe tzpf.exe tzpy.exe This in not a real infection, though. Affected computers have different versions of Windows installed. There are Windows 98 as well as Windows 2000 and XP. Most of these computers are somewhat protected with firewall. Other software differs, too, but there is one common point between most of them: they have Remote Administrator 2.x (http://www.famatech.com) installed and reachable from the Internet. It does not look like a simple issue with weak passwords. I did speak with a owner of the affected PC, and he assured me that his RA password is strong enough. Moreover, there is a thread on the same problem: http://www.famatech.com/support/forum/read.php?PAGEN_1=1&FID=11&TID=5856#nav _start As of Feb, 12, most computers used for DDOS were located at IP networks with following first octets: 200, 202, 203, 210-213, 217-220, 24, 61-69, 80-82. With best regards, Pavel Levshin. E-mail: flicker@mariinsky.ru
