Event ID - 667

Port No: 667
Service Name: Backdoor.Linux.Trinity
RFC Doc: 0
Protocol: TCP
Description: This malware can be controlled remotely to direct infected machines and launch denial of service (DoS) attacks against systems running Linux or Unix. It also continually attempts to connect to certain IP addresses, generating heavy network traffic and slowing infected systems down.
Reference Link: Backdoor.Linux.Trinity
Attack:

Solutions:

Scan your system with Trend Micro antivirus and delete all files detected as DDOS_TRINITY.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Details:

This malware, which runs on Linux and Unix, waits for malicious commands from remote users. It executes these commands to carry out denial of service (DoS) attacks against other machines. These attacks can be classified into the following types:

udpflood
fragmentflood
synflood
rstflood
randomflagsflood
ackflood
establishflood
nullflood

This malware also constantly attempts to connect to the following IP addresses, generating heavy network traffic that can slow the infected system down:

The following strings can be found in this malware's body:

trinity v3 by self (an idle mind is the devil's playground)
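
A defender's host check built from the two indicators this entry gives, TCP port 667 and the embedded string; it is an added example, not part of the original entry or any vendor tooling. It assumes the port association means the backdoor listens on 667, and the function names and the sample `/proc/net/tcp` text are constructed for illustration.

```python
import re

TRINITY_PORT = 667              # TCP port this entry associates with Backdoor.Linux.Trinity
MARKER = b"trinity v3 by self"  # string the entry says appears in the malware body
TCP_LISTEN = "0A"               # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18321 1 0000000000000000 100 0 0 10 0
   1: 00000000:029B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40112 1 0000000000000000 100 0 0 10 0
   2: 0100007F:A3C4 0100007F:029B 01 00000000:00000000 00:00000000 00000000  1000        0 40980 1 0000000000000000 20 4 30 10 -1
"""


def listeners_on_port(proc_net_tcp, port=TRINITY_PORT):
    """Return (local_ip, inode) for every IPv4 LISTEN socket bound to `port`."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # An ESTABLISHED client connection *to* port 667 is not a listener,
        # so both the state and the local port must match.
        if fields[3] != TCP_LISTEN or int(port_hex, 16) != port:
            continue
        # /proc/net/tcp stores the IPv4 address as little-endian hex.
        octets = [str(int(addr_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)]
        hits.append((".".join(octets), int(fields[9])))
    return hits


def marker_offsets(data, marker=MARKER):
    """Return the byte offsets at which the marker occurs in a file's contents."""
    return [m.start() for m in re.finditer(re.escape(marker), data)]


if __name__ == "__main__":
    print("listeners on 667:", listeners_on_port(SAMPLE_PROC_NET_TCP))
    constructed_file = b"\x00" * 16 + MARKER + b" (an idle mind"
    print("marker offsets:", marker_offsets(constructed_file))
```

On a live Linux host, pass the contents of `/proc/net/tcp` to `listeners_on_port`; the returned inode can be matched against the socket links under `/proc/<pid>/fd` to find the owning process.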
