Qualys Detects and Provides Analysis of Newly-Discovered Linux Trojan

Supplies Free Detection and Cleansing Tools to Prevent Exploits of New Threat

REDWOOD SHORES, Calif., January 9, 2002 – Qualys™, Inc., a leader in Managed Vulnerability Assessment, announces the detection and analysis of a new and potentially dangerous Remote Shell Trojan, referenced as RST.b, with backdoor and self-replicating functionality. Machines can become infected through binary email attachment or downloaded files. RST.b then installs a backdoor that listens for network traffic coming through any UDP port, making this trojan different and significantly more dangerous than the Remote Shell Trojan identified earlier by Qualys in September 2001. RST.b detection and cleansing tools are available at https://www.qualys.com/forms/remoteshellb.html.

Once infected with RST.b, systems start listening for network traffic on any UDP port. To activate the backdoor, attackers send specially-crafted UDP packets to launch arbitrary commands, scouring the system for sensitive data, vandalizing or completely destroying the files on the infected host. RST.b also has self-replicating capabilities, making it likely to spread across binary files on the infected host, a function that has previously been used in trojans and viruses affecting other operating systems, including Microsoft Windows. Another dangerous aspect of RST.b is that it allows hackers to query the Internet and find infected systems, increasing the speed and likelihood of exposure.

“As a leading provider of security threat management solutions, SecurityFocus alerts the community about potentially dangerous network threats,” said Ryan Russell, Incident Analyst for SecurityFocus. “SecurityFocus appreciates the contribution Qualys has made to the community by providing the analysis required to combat the RST.b virus as well as their diligence in developing tools to help organizations eliminate exposed or infected systems.”

“The most significant worry with RST.b is its unique ability to receive and execute payloads through the network, making it a threat to even the most secured hosts,” explained Gerhard Eschelbeck, Vice President of Engineering at Qualys. “On a positive note, during our analysis, we discovered programming errors in the virus trojan code that limit RST.b capabilities to self-replicate as efficiently as intended,” Eschelbeck continued.

Free RST.b detection and cleansing tools are available at https://www.qualys.com/forms/remoteshellb.html.

A vulnerability detection signature will be uploaded into the QualysGuard online network vulnerability scanning service so customers can understand their exposure level and protect against a potential attack. Users may also run a free vulnerability scan of their entire perimeter from Qualys at the same address.

“With the increased adoption of Linux, more trojans such as RST.b will likely surface and have a greater impact than we’ve experienced before,” explained Allan Carey, senior analyst from IDC. “Qualys is committed to sharing these discoveries with the security community, delivering a valuable service to help administrators manage the never-ending responsibilities associated with maintaining a secure network.”

Delivered over the Internet, the QualysGuard service removes the need for specialized customer-premise software and ensures that users are able to detect the latest network vulnerabilities as they emerge. The on-line solution uses a constantly-updated database of vulnerability signatures covering over three hundred applications on twenty different platforms. QualysGuard also validates adherence and effectiveness of existing policies and baseline security procedures. After each scan, data center administrator audiences are provided with concise summaries of every security risk and suggestions for corrective action. State-of-the-enterprise reports and historical trend analysis are generated for Chief Security or Information Officers.

About Qualys, Inc.

Qualys™, Inc., a leader in Managed Vulnerability Assessment, enables security professionals, Managed Security/Service Providers and corporate customers to remotely and automatically audit Internet-connected networks for security vulnerabilities. Where traditional security monitoring products require customers to buy, develop and manage solutions internally, Qualys’ service platform approach enables immediate, transparent and continuous security auditing and risk assessment of global networks, inside and outside the firewall. Founded in 1999 by a team of Internet security experts, Qualys is headquartered in Redwood Shores, California, with offices in France, Germany and the U.K. The company is privately financed by Deutsche Bank ABS Ventures, Bessemer Venture Partners, Trident Capital, and VeriSign, the leading provider of Internet trust services. For more information about Qualys, please visit http://www.qualys.com.



