Hi I recently had an infection on one of my machines with the linux rst.b trojan. Qualys has a more or less detailed analysis of the code, and provides a remote detection tool here. https://www.qualys.com/forms/remoteshellb.html But even though I saw the running trojan process, knew the port of it and it was listening for incoming connections, Qualys' remote detection tool told me my host was clean. Did anyone run over the same behaviour? Is there a working remote detection utility?
ned _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
