To me it looks like an hoax and an attempt to install Trojan. The author has not given how the virus will spread? As simple file size check would detect the virus, why run binaries from the author? The author signs as >Regards, > - anonymous > Should we believe him? I think this is an hoax, and do not run any binary to detect the so called virus. Raju, I wish you should have checked the authenticity before posting such stuff, which might create unnecessary panic among the lister. Regards, Mukund Deshmukh Beta Computronics Pvt. Ltd. Web site - http://betacomp.com From: Raju Mathur <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Monday, September 10, 2001 11:25 AM Subject: [LIH] (fwd) Remote Shell Trojan: Threat, Origin and the Solution >[Linux RST virus detector, cleaner and immuniser. > >WARNING: I haven't checked the code thoroughly enough to positively >state that it's not a trojan itself. Use at your own risk. > >The actual binary file is put up for download at: > > http://kandalaya.org/software/kill_rst.tgz > >-- Raju] > >This is an RFC 1153 digest. >(1 message) >---------------------------------------------------------------------- > >Return-Path: <[EMAIL PROTECTED]> >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Received: (qmail 25174 invoked from network); 9 Sep 2001 13:20:59 -0000 >Reply-To: [EMAIL PROTECTED] >Organization: takashi industries >X-Mailer: KMail [version 1.0.28] >Message-Id: <01090914541500.08399@bandit> >From: kai takashi <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], > [EMAIL PROTECTED], [EMAIL PROTECTED] >Subject: Remote Shell Trojan: Threat, Origin and the Solution >Date: Sun, 9 Sep 2001 14:40:27 +0300 > >Overview: > >At the 5th of September Qualys released a Security Warning regarding a Linux >based virus. This virus was called the "Remote Shell Trojan" (RST) and it >attacks Linux ELF binaries. It has replicating abilities: when run it will >infect all binaries in /bin and the current working directory. Besides that >it also spawns a process listening on UDP port 5503. When a properly crafted >packet is received by this process it will connect back with a system shell. > >Danger: > _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
