Security Incidents mailing list archives
Re: Remote Shell Trojan: Threat, Origin and the Solution
From: Kevin Gagel <Gagel () cnc bc ca>
Date: Mon, 10 Sep 2001 08:34:01 -0700
Has any expert c programers examined the c code to see if it actually does what the remarks say? I am suspicious of anything that is posted anonymously no matter how well it's documented. I don't know C well enough to tell if the documentation is accurately portraying what the code is really doing. If it's not then this a one very well crafted "socially engineered" virus...
RST was developed by us as a research project and intended only for internal
go as they were intended to go. An infected binary accidentely leaked out our
the public. But this might eventually get reverse engineered in the future and RST can then be actively abused by other people. Solution: We have created a set of utilities which can recursively detect and remove the virus from the system. It also has the option to make binaries IMMUNE for future
% perl Recurse.pl remove For more information regarding this read the included documentation. Conclusion:
Regards, - anonymous ------------------------------------------------------------------------ Name: kill_rst.tgz kill_rst.tgz Type: WinZip File (application/x-compressed) Encoding: base64 Description: Kill the beast!
-- ============================= Kevin W. Gagel Network Administrator College of New Caledonia gagel () cnc bc ca (250)561-5848 loc. 448 ============================= -------------------------------- The College of New Caledonia Visit us at http://www.cnc.bc.ca -------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Remote Shell Trojan: Threat, Origin and the Solution kai takashi (Sep 10)
- Re: Remote Shell Trojan: Threat, Origin and the Solution Nick FitzGerald (Sep 10)
- Re: Remote Shell Trojan: Threat, Origin and the Solution Kevin Gagel (Sep 10)
- Re: Remote Shell Trojan: Threat, Origin and the Solution Patrick Andry (Sep 10)
- <Possible follow-ups>
- RE: Remote Shell Trojan: Threat, Origin and the Solution John Stauffacher (Sep 10)
- RE: Remote Shell Trojan: Threat, Origin and the Solution Matt Block (Sep 10)
- RE: Remote Shell Trojan: Threat, Origin and the Solution Jonathan Rickman (Sep 10)
- RE: Remote Shell Trojan: Threat, Origin and the Solution Matt Block (Sep 10)