Re: Remote Shell Trojan: Threat, Origin and the Solution

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Sun Sep 09 2001 - 15:47:16 PDT


    anonymous <rstat_private> wrote:
    
    > On the 5th of September Qualys released a Security Warning regarding a Linux
    > based virus. This virus was called the "Remote Shell Trojan" (RST) and it
    > attacks Linux ELF binaries. It has replicating abilities: when run it will
    > infect all binaries in /bin and the current working directory. Besides that
    > it also spawns a process listening on UDP port 5503. When a properly crafted
    > packet is received by this process it will connect back with a system shell.
    <<snip>>
    
    To the best of my knowledge, neither Qualys nor yourselves (or anyone 
    else) has provided samples of this virus to the usual antivirus 
    research community.  You are more likely to have a fix for this virus 
    reach where it is needed through those established and now fairly 
    well-honed delivery systems than by posting to a public mailing list.
    
    If you or Qualys wish to provide such samples to the antivirus 
    research community, please send the samples where you would normally 
    send virus samples.  If you do not have a preferred vendor or 
    vendors, here is a list of the sample submission addresses of the 
    better known antivirus developers -- please choose the vendor(s) you 
    feel happy trusting such code to and supply them with a sample:
    
       Command Software               <virusat_private>
       Computer Associates (US)       <virusat_private>
       Computer Associates (Vet/IPE)  <ipevirusat_private>
       DialogueScience (Dr.Web)       <Antivirat_private>
       Eset (NOD32)                   <trnkaat_private>
       F-Secure Corp.                 <samples@f-secure.com>
       Frisk Software                 <viruslabat_private>
       Kaspersky Labs                 <newvirusat_private>
       Network Associates (US)        <virus_researchat_private>
       Norman (NVC)                   <analysisat_private>
       Sophos Plc.                    <supportat_private>
       Symantec                       <avsubmitat_private>
       Trend Micro                    <virus_doctorat_private>
    
    
    
    -- 
    Nick FitzGerald
    Computer Virus Consulting Ltd.
    Ph/FAX: +64 3 3529854
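An added defender-side check, not part of Nick's reply or the quoted Qualys warning: it parses the Linux /proc/net/udp socket table and flags any socket bound to UDP port 5503, the one network indicator the quoted text gives for RST. The table excerpt embedded below is constructed for the example; the column layout and hex encoding are the kernel's real format.

```python
# Added example: look for the RST indicator (UDP port 5503) in /proc/net/udp.
# The sample table below is constructed; on a live host read the file instead.

RST_PORT = 5503  # listener port named in the quoted advisory

# Constructed /proc/net/udp excerpt. Row 2 is the suspicious one (0x157F == 5503).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
   1: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 23456 2 0000000000000000 0
   2: 00000000:157F 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 34567 2 0000000000000000 0
"""


def parse_udp_table(text):
    """Return a list of (local_ip, local_port, uid, inode) tuples, one per socket row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 10 or parts[0] == "sl":  # skip header and short lines
            continue
        addr_hex, port_hex = parts[1].split(":")
        # IPv4 addresses are stored as little-endian hex, so read the bytes back to front
        octets = [int(addr_hex[i:i + 2], 16) for i in (6, 4, 2, 0)]
        ip = ".".join(str(o) for o in octets)
        rows.append((ip, int(port_hex, 16), int(parts[7]), int(parts[9])))
    return rows


def find_rst_listeners(text, port=RST_PORT):
    """Return the socket rows bound to the indicator port."""
    return [row for row in parse_udp_table(text) if row[1] == port]


if __name__ == "__main__":
    for ip, port, uid, inode in find_rst_listeners(SAMPLE_PROC_NET_UDP):
        # The inode can be matched against /proc/<pid>/fd/* to find the owning process.
        print(f"UDP {ip}:{port} uid={uid} inode={inode}")
```

On a real host, pass the contents of /proc/net/udp to find_rst_listeners and resolve the reported inode through /proc/*/fd to identify the process, then submit the binary as a sample as the reply above describes.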
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    