Panther


· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Detection and Removal ·
· Research ·



Overview

Summary:

Denial of service UDP-based attack designed for a 28.8-56k connection.

Alias:

DoS.Win32.Panther.m1, DoS.Win32.Panther.m2

Category:

Flooder: A program that overloads a connection by any mechanism, such as fast pinging, causing a DoS attack.

DoS: An exploit whose purpose is to deny somebody the use of the service: namely to crash or hang a program or the entire system. Examples of DoS attacks include flooding the victim with more traffic than can be handled; flooding a service (like IRC) with more events than it can handle bomb; crashing a TCP/IP stack by sending corrupt packets; crashing a service by interacting with it in an unexpected way; or hanging a system by causing it to go into an infinite loop. For example, the Ping of Death exploit crashed machines by sending illegally fragmented packets at a victim. A common word for DoS is ""nuke"", which was first popularized by the WinNuke program.

Variants:

  • Panther 2
  • Similar Pests:

    Flooder · DoS

    Origins

    Group:

    Global kOS

    By This Group:

    Digital Destruction Suite 1.0 ·

    Date of Origin:

    September, 2001

    Distribution

    Prevalence:

  • Panther 2: 0.1%
  • More Info

    Clot Factor:

  • Panther 2: < 1
  • The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

    Countries Affected:

    In the past three months, we have received reports of Panther in Argentina.

    Operation

    Storage Required:

  • Panther: at least 5 KB
  • Panther 2: at least 245 KB
  • Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.



    Manual Removal:

    Follow these steps to remove Panther from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Stop Running Processes:

    Kill these running processes with Task Manager:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:

  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
  • Research By:

  • PestPatrol's Pest Research Center
  • Last Revised:

    April 04, 2005