It is believed that trinoo networks have been set up on thousands of systems on the Internet that have been compromised by remote buffer overrun exploits.
[2] A trinoo network has been connected to the February 2000 distributed denial of service attack on the Yahoo!
[3] Trinoo is famous for allowing attackers to leave a message in a folder called cry_baby.
The file is self replicating and is modified on a regular basis as long as port 80 is active.
The Daemons are the compromised hosts that launch the actual UDP floods against the victim machine.