Security Incidents mailing list archives

Re: Remote Shell Trojan: Threat, Origin and the Solution


From: Kevin Gagel <Gagel () cnc bc ca>
Date: Mon, 10 Sep 2001 08:34:01 -0700

Have any expert C programmers examined the C code to see if it actually
does what the remarks say?
I am suspicious of anything that is posted anonymously no matter how
well it's documented. I don't know C well enough to tell if the
documentation is accurately portraying what the code is really doing.

If it's not, then this is one very well crafted "socially engineered"
virus...


RST was developed by us as a research project and intended only for internal

go as they were intended to go. An infected binary accidentally leaked out our

the public. But this might eventually get reverse engineered in the future and
RST can then be actively abused by other people.

Solution:

We have created a set of utilities which can recursively detect and remove the
virus from the system. It also has the option to make binaries IMMUNE for future

% perl Recurse.pl remove

For more information regarding this read the included documentation.

Conclusion:

Regards,
        - anonymous

  ------------------------------------------------------------------------
                      Name: kill_rst.tgz
   kill_rst.tgz       Type: WinZip File (application/x-compressed)
                  Encoding: base64
               Description: Kill the beast!

-- 
=============================
Kevin W. Gagel
Network Administrator
College of New Caledonia
gagel () cnc bc ca
(250)561-5848 loc. 448
=============================
--------------------------------
The College of New Caledonia
Visit us at http://www.cnc.bc.ca
--------------------------------
