Qualys First to Detect and Protect Against New Linux Backdoor Trojan

Provides Free Downloadable Tools to Detect and Cleanse Linux Machines of New ‘Remote Shell Trojan’

SUNNYVALE, Calif., Sept. 5 /PRNewswire/ — Qualys, Inc., a leading provider of enterprise network vulnerability assessment and monitoring solutions, today announced that its QualysGuard(TM) online vulnerability scanning service is the first scanning solution capable of detecting the presence of a potentially dangerous new Linux backdoor Trojan identified as the Remote Shell Trojan. This Trojan consists of two primary components — a virus-like self-replication capability, and the ability to install a backdoor process to enable remote attacks on the infected system. Qualys is making available a free downloadable tool to probe for the Trojan’s presence on a Linux machine along with a free downloadable fix to cleanse infected files. These tools are available at https://www.qualys.com/form_remoteshell.html .

“While no system is perfectly secure, we believe that open source technologies provide the necessary transparency to better protect against security vulnerabilities, especially those related to downloading software from the Internet,” said Michael Tiemann, Chief Technology Officer of Red Hat Linux. “We applaud Qualys for delivering these tools as open source software to provide users with a trustable fix to this new security threat.”

This new Trojan can be disseminated by inconspicuous emails and replicates itself on the infected Linux-based system. Similar to Back Orifice on the Windows platform, this Trojan installs a backdoor that listens for incoming connections on UDP port 5503 or higher, enabling remote attackers to connect and take control of the system. Remote Shell Trojan is especially dangerous if a privileged user launches the infected Linux application. In this case, the attacker connecting to the backdoor inherits the privileged credentials and can completely take over the infected machine.

“In the spirit of open source, Qualys has developed and is freely distributing two standalone tools to detect and eliminate the Remote Shell Trojan on infected machines,” said Gerhard Eschelbeck, Vice President, Engineering for Qualys, Inc. “A vulnerability detection signature to reveal the presence of the new trojan has also been integrated into the Qualys online network vulnerability scanning platform, which is used by numerous Managed Security Providers to provide companies with ongoing protection against such security threats.”

“With security researchers at multiple sites around the world, Qualys was the first to detect and respond immediately to this Trojan and also to identify that systems are connecting to a third party website during the infection process,” added Eschelbeck.

Qualys has developed tools to detect and clean the Remote Shell Trojan. The tool named “rst_detector” takes an IP address as a command line parameter and probes a specified remote computer to determine if it has the backdoor installed. The second tool, “rst_cleaner,” will be required to clean infected Linux files. These tools can be downloaded for free at https://www.qualys.com/form_remoteshell.html .

About Qualys, Inc.

Qualys, Inc. is a leading provider of network assessment and monitoring solutions, enabling Managed Security Providers, security professionals and corporate customers to remotely and automatically audit Internet-connected networks for security vulnerabilities. Where traditional security monitoring products require customers to buy, develop and manage solutions internally, Qualys’ service platform approach enables immediate, transparent and continuous security auditing and risk assessment of global networks, inside and outside the firewall. Founded in 1999 by a team of Internet security experts, Qualys is headquartered in Sunnyvale, California, with offices in France, Germany and the U.K. The company is privately financed by Deutsche Bank ABS Ventures, Bessemer Venture Partners, Trident Capital, and VeriSign, the leading provider of Internet trust services. For more information about Qualys, please visit www.qualys.com.
