
Doze4

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

This is an old revision of this page, as edited by Tothwolf at 05:54, 25 February 2009 (Removed from Internet Relay Chat bots, bouncers and proxies category). It may differ significantly from the current revision.

This article does not cite any sources.

Doze4 is an IRC drone, often left behind by script kiddies after a successful server crack. Once deployed, it seems to connect to BRASnet, waiting for commands from its owner. A typical use is for distributed denial-of-service attacks, sending the string "0123456789" over and over again to remote hosts; the program seems to have few other uses.

The source code for Doze4 does not seem to be readily available (only a Linux i386 binary is known); however, the program is small and does not appear to be encrypted, so disassembling it should be fairly easy given enough time and interest. The commands and the brief online help appear to be written in Portuguese; strings within the binary seem to claim that Doze4 was written by a person with the alias "phyton".

Doze4 seems to be a generic "off-the-shelf" tool (which is probably why it has become popular among script kiddies), in that it does not require any recompilation or tweaking to work; once deployed, it can be customized via command-line parameters to attack any host on any given port. It also claims to support spoofing; however, it is not generally known what this spoofing means in practice, let alone whether it works at all.

System administrators who find doze4 running on their own systems should use lsof to find out which hosts, if any, the program is attacking, do any required tracking work to identify the hole the attacker used, and then kill off all doze4 processes as soon as possible.
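The triage step described above, as an added example that is not part of the original article, for a Linux host with lsof, pgrep and /proc available. The function names, the `EVIDENCE_DIR` variable with its default path, and the choice to freeze each process with SIGSTOP before capturing its state are assumptions of this example; a socket with no connected peer shows only its local address in lsof, so it yields no target line.

```sh
#!/bin/sh
# Added example: triage of running doze4 processes on a Linux host.
# Assumptions: lsof, pgrep and /proc are available; EVIDENCE_DIR and the
# function names are this example's own; run triage_doze4 as root.

# Read `lsof -F pcn` field output on stdin; print "PID REMOTE" for every
# socket that has a connected peer. Constructed sample of that input:
#   p4242
#   cdoze4
#   f3
#   n192.0.2.10:40000->198.51.100.7:6667
remote_endpoints() {
    awk '
        /^p/ { pid = substr($0, 2) }
        /^n/ && index($0, "->") {
            split(substr($0, 2), ends, "->")   # ends[1]=local, ends[2]=remote
            print pid, ends[2]
        }' | LC_ALL=C sort -u
}

# Freeze each doze4 process, record what it was doing, then kill it.
triage_doze4() {
    dir=${EVIDENCE_DIR:-/root/doze4-evidence}
    pids=$(pgrep -x doze4) || { echo "no doze4 processes found"; return 0; }
    mkdir -p "$dir" || return 1
    for pid in $pids; do
        kill -STOP "$pid"    # halts outgoing traffic, keeps sockets open
        ps -o pid,ppid,user,lstart,args -p "$pid" > "$dir/$pid.ps"
        ls -l "/proc/$pid/exe" "/proc/$pid/cwd" > "$dir/$pid.paths" 2>&1
        cp "/proc/$pid/exe" "$dir/$pid.bin"    # works even if file was unlinked
        lsof -nP -p "$pid" > "$dir/$pid.lsof"
        lsof -nP -a -i -p "$pid" -F pcn | remote_endpoints > "$dir/$pid.targets"
        echo "pid $pid targets:"; cat "$dir/$pid.targets"
    done
    # Owner, parent PID, start time and working directory above are the
    # starting points for tracing how the attacker got in.
    kill -KILL $pids
}
```

Source the file and call `triage_doze4` as root; the saved `.ps` and `.paths` files (owner, parent PID, start time, working directory) feed the tracking work before the host is cleaned up.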
