
Rare Linux virus on the loose

'RST.b' similar to Remote Shell Trojan found in October

James Middleton, vnunet.com 03 Jan 2002

It has emerged in the last week that another of those rare Linux viruses may be on the loose. And this one has strong similarities to October's Remote Shell Trojan (RST) that was largely dismissed by the Linux community.

In a posting to a security mailing list at the end of December, SecurityFocus brought 'RST.b' to the internet community's attention.

The researchers warned that the culprit carrying the virus is likely to be "some exploit being passed around, possibly a Secure Shell one". Linux users are advised not to run exploits from unknown sources.

Once it has gained a foothold on the system, it installs a back door and attempts to escalate its privileges to root.

The basic differences from the October version are that the new virus tries to communicate with a machine at a different IP address from the original RST, and the back door operates on the Exterior Gateway Protocol instead of the User Datagram Protocol.

Like the original RST, the virus infects binary files in the Linux Executable and Linking Format (ELF).

RST.b overwrites the start address in the ELF header with an address that points to its own code. So when an infected program is run, it forks: a parent process runs the original code so as to avoid suspicion, while a child process "takes care of the evil stuff", according to researchers at Lockeddown.net.

"Not only do we have a virus spreading, but it is opening up the infected boxes to attackers," they added.

A SecurityFocus researcher who attempted to contact the host of the web server that had infected the machines said: "The response I got indicated that 'his account was terminated a few weeks ago'. I received no response to a later request for clarification."
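The start-address modification described above can be triaged by reading the ELF header directly. The Python check below is an added example, not code from the article or from the researchers it quotes: it reads e_entry and flags it when it does not land in a read-only, executable PT_LOAD segment. It is a general heuristic rather than an RST.b detector (an infector that places its code inside the executable segment passes, so comparing e_entry with a known-good copy is the stronger check), and the sample header, its addresses and the function names are constructed for illustration.

```python
import struct

PT_LOAD, PF_X, PF_W = 1, 0x1, 0x2

def entry_point_report(data):
    """Return (e_entry, verdict) for an ELF image held in bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    if is64:
        entry, phoff = struct.unpack_from(end + "QQ", data, 0x18)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        entry, phoff = struct.unpack_from(end + "II", data, 0x18)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:   # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align
            p_type, flags, _, vaddr, _, _, memsz, _ = struct.unpack_from(
                end + "IIQQQQQQ", data, off)
        else:      # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags, align
            p_type, _, vaddr, _, _, memsz, flags, _ = struct.unpack_from(
                end + "IIIIIIII", data, off)
        if p_type == PT_LOAD and vaddr <= entry < vaddr + memsz:
            if not flags & PF_X:
                return entry, "suspicious: entry in non-executable segment"
            if flags & PF_W:
                return entry, "suspicious: entry in writable segment"
            return entry, "ok"
    return entry, "suspicious: entry outside every PT_LOAD segment"

def build_sample(entry):
    """Constructed 64-bit little-endian ELF header plus two PT_LOAD entries."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, entry, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    text = struct.pack("<IIQQQQQQ", PT_LOAD, 0x5, 0,        # R+X text segment
                       0x400000, 0x400000, 0x1000, 0x1000, 0x1000)
    data = struct.pack("<IIQQQQQQ", PT_LOAD, 0x6, 0x1000,   # R+W data segment
                       0x601000, 0x601000, 0x800, 0x800, 0x1000)
    return ehdr + text + data

if __name__ == "__main__":
    for e in (0x400080, 0x601100, 0x700000):
        print(hex(e), entry_point_report(build_sample(e))[1])
```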
