Hack-Tool:W32/Daij.A

Classification

Category :

Riskware

Type :

Hack-Tool

Summary

Hack-Tool:W32/Daij.A is Denial-of-Service (DoS) software designed to continuously submit multiple connection requests to a specified target.

With a large enough number of individuals, this hack-tool could possibly be used to attempt a Distributed Denial-of-Service (DDoS) attack.

The authors of Hack-Tool:W32/Daij.A have designated November 11th as a DDoS attack date.

Removal

Based on the settings of your F-Secure security product, it may block the file from running, move it to the quarantine where it cannot spread or cause harm, or ask you to select an action.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Hack-Tool:W32/Daij.A is provided by Web sites promoting a global online cyber attack coined as "e-Jihad" or "Cyber Jihad".

This idea has been circulating for some time with the intend to target Western based sites. November 11th, 2007 is reportedly a target date.

This hack-tool arrives as an installer package . The package, by default will be installed in [Program Files]\e-jihad3 directory.

After installation, the following files will be present on the system:

  • [Program Files]\e-jihad3\e-Jihad.exe
  • [Program Files]\e-jihad3\mswinsck.ocx
  • [Program Files]\e-jihad3\unins000.dat
  • [Program Files]\e-jihad3\unins000.exe

Upon execution, a form will be displayed requesting a Username and Password.

The Interface usually has two buttons. To check its validity the username and password will be submitted to this following location:

  • http://al-jinan.net/tlog.phplogn=[input username] pss=[input password]

If the username and password are valid, it will open the main control interface.

The other button is used for registering a new user and requires the following fields:

  • New username
  • Create password
  • Confirm password
  • Username of the one providing the recommendation

The new user registration is then sent to the following location:

  • https://al-jinan.net/tnewu.phpnlogn=[New Username] npss=[Password of New User] invitedby=[Username Who Recommended]

Once the logon is successful, the main control interface will then load.

It will initially set the firewall settings to allow the application access through the firewall.

It then retrieves the default proxy setting of the system and uses it as the default value for the target address to attack.

The hack-tool is a simple DoS application that continuously sends multiple connection request to the target specified in the interface.

Besides manually setting the target, the tool will also continuously query:

  • https://jo-uf/ntarg/php
  • https://jo-uf.net/ntarg.php

The query is used to join the DDoS network in order to attack a defined address set by the command and control (C C) server.

For failed attempts and errors, the tool displays an error dialog.