Qualys Detects and Provides Analysis of Newly-Discovered Linux Trojan

Supplies Free Detection and Cleansing Tools to Prevent Exploits of New Threat



Jan 09, 2002, 00:00 ET from Qualys, Inc.

    REDWOOD SHORES, Calif., Jan. 9 /PRNewswire/ -- Qualys(TM), Inc., a leader
 of Managed Vulnerability Assessment, announces the detection and analysis of a
 new and potentially dangerous Remote Shell Trojan, referenced as RST.b, with
 backdoor and self-replicating functionality. Machines can become infected
 through binary email attachment or downloaded files. RST.b then installs a
 backdoor that listens for network traffic coming through any UDP port, making
 this trojan different and significantly more dangerous than the Remote Shell
 Trojan identified earlier by Qualys in September 2001. RST.b detection and
 cleansing tools are available at
 https://www.qualys.com/forms/remoteshellb.html .
     Once infected with RST.b, systems start listening for network traffic on
 any UDP port. To activate the backdoor, attackers send specially-crafted UDP
 packets to launch arbitrary commands, scouring the system for sensitive data,
 vandalizing or completely destroying the files on the infected host. RST.b
 also has self-replicating capabilities, making it likely to spread across
 binary files on the infected host, a function that has previously been used in
 trojans and viruses affecting other operating systems, including Microsoft
 Windows. Another dangerous aspect of RST.b is that it allows hackers to query
 the Internet and find infected systems, increasing the speed and likelihood of
 exposure.
     "As a leading provider of security threat management solutions,
 SecurityFocus alerts the community about potentially dangerous network
 threats," said Ryan Russell, Incident Analyst for SecurityFocus.
 "SecurityFocus appreciates the contribution Qualys has made to the community
 by providing the analysis required to combat the RST.b virus as well as their
 diligence in developing tools to help organizations eliminate exposed or
 infected systems."
     "The most significant worry with RST.b is its unique ability to receive
 and execute payloads through the network, making it a threat to even the most
 secured hosts," explained Gerhard Eschelbeck, Vice President of Engineering at
 Qualys. "On a positive note, during our analysis, we discovered programming
 errors in the virus trojan code that limit RST.b capabilities to
 self-replicate as efficiently as intended," Eschelbeck continued.
     Free RST.b detection and cleansing tools are available at
 https://www.qualys.com/forms/remoteshellb.html . A vulnerability detection
 signature will be uploaded into the QualysGuard online network vulnerability
 scanning service so customers can understand their exposure level and protect
 against a potential attack. Users may also run a free vulnerability scan of
 their entire perimeter from Qualys at the same address.
     "With the increased adoption of Linux, more trojans such as RST.b will
 likely surface and have a greater impact than we've experienced before,"
 explained Allan Carey, senior analyst from IDC. "Qualys is committed to
 sharing these discoveries with the security community, delivering a valuable
 service to help administrators manage the never-ending responsibilities
 associated with maintaining a secure network."
     Delivered over the Internet, the QualysGuard service removes the need for
 specialized customer-premise software and ensures that users are able to
 detect the latest network vulnerabilities as they emerge. The on-line solution
 uses a constantly-updated database of vulnerability signatures covering over
 three hundred applications on twenty different platforms. QualysGuard also
 validates adherence and effectiveness of existing policies and baseline
 security procedures. After each scan, data center administrator audiences are
 provided with concise summaries of every security risk and suggestions for
 corrective action. State-of-the-enterprise reports and historical trend
 analysis are generated for Chief Security or Information Officers.
 
     About Qualys, Inc.
     Qualys(TM), Inc., a leader of Managed Vulnerability Assessment, enables
 security professionals, Managed Security/Service Providers and corporate
 customers to remotely and automatically audit Internet-connected networks for
 security vulnerabilities. Where traditional security monitoring products
 require customers to buy, develop and manage solutions internally, Qualys'
 service platform approach enables immediate, transparent and continuous
 security auditing and risk assessment of global networks, inside and outside
 the firewall. Founded in 1999 by a team of Internet security experts, Qualys
 is headquartered in Redwood Shores, California, with offices in France,
 Germany and the U.K. The company is privately financed by Deutsche Bank ABS
 Ventures, Bessemer Venture Partners, Trident Capital, and VeriSign, the
 leading provider of Internet trust services. For more information about
 Qualys, please visit http://www.qualys.com .
 
                      MAKE YOUR OPINION COUNT - Click Here
                http://tbutton.prnewswire.com/prn/11690X73192965
 
 

SOURCE Qualys, Inc.
    REDWOOD SHORES, Calif., Jan. 9 /PRNewswire/ -- Qualys(TM), Inc., a leader
 of Managed Vulnerability Assessment, announces the detection and analysis of a
 new and potentially dangerous Remote Shell Trojan, referenced as RST.b, with
 backdoor and self-replicating functionality. Machines can become infected
 through binary email attachment or downloaded files. RST.b then installs a
 backdoor that listens for network traffic coming through any UDP port, making
 this trojan different and significantly more dangerous than the Remote Shell
 Trojan identified earlier by Qualys in September 2001. RST.b detection and
 cleansing tools are available at
 https://www.qualys.com/forms/remoteshellb.html .
     Once infected with RST.b, systems start listening for network traffic on
 any UDP port. To activate the backdoor, attackers send specially-crafted UDP
 packets to launch arbitrary commands, scouring the system for sensitive data,
 vandalizing or completely destroying the files on the infected host. RST.b
 also has self-replicating capabilities, making it likely to spread across
 binary files on the infected host, a function that has previously been used in
 trojans and viruses affecting other operating systems, including Microsoft
 Windows. Another dangerous aspect of RST.b is that it allows hackers to query
 the Internet and find infected systems, increasing the speed and likelihood of
 exposure.
     "As a leading provider of security threat management solutions,
 SecurityFocus alerts the community about potentially dangerous network
 threats," said Ryan Russell, Incident Analyst for SecurityFocus.
 "SecurityFocus appreciates the contribution Qualys has made to the community
 by providing the analysis required to combat the RST.b virus as well as their
 diligence in developing tools to help organizations eliminate exposed or
 infected systems."
     "The most significant worry with RST.b is its unique ability to receive
 and execute payloads through the network, making it a threat to even the most
 secured hosts," explained Gerhard Eschelbeck, Vice President of Engineering at
 Qualys. "On a positive note, during our analysis, we discovered programming
 errors in the virus trojan code that limit RST.b capabilities to
 self-replicate as efficiently as intended," Eschelbeck continued.
     Free RST.b detection and cleansing tools are available at
 https://www.qualys.com/forms/remoteshellb.html . A vulnerability detection
 signature will be uploaded into the QualysGuard online network vulnerability
 scanning service so customers can understand their exposure level and protect
 against a potential attack. Users may also run a free vulnerability scan of
 their entire perimeter from Qualys at the same address.
     "With the increased adoption of Linux, more trojans such as RST.b will
 likely surface and have a greater impact than we've experienced before,"
 explained Allan Carey, senior analyst from IDC. "Qualys is committed to
 sharing these discoveries with the security community, delivering a valuable
 service to help administrators manage the never-ending responsibilities
 associated with maintaining a secure network."
     Delivered over the Internet, the QualysGuard service removes the need for
 specialized customer-premise software and ensures that users are able to
 detect the latest network vulnerabilities as they emerge. The on-line solution
 uses a constantly-updated database of vulnerability signatures covering over
 three hundred applications on twenty different platforms. QualysGuard also
 validates adherence and effectiveness of existing policies and baseline
 security procedures. After each scan, data center administrator audiences are
 provided with concise summaries of every security risk and suggestions for
 corrective action. State-of-the-enterprise reports and historical trend
 analysis are generated for Chief Security or Information Officers.
 
     About Qualys, Inc.
     Qualys(TM), Inc., a leader of Managed Vulnerability Assessment, enables
 security professionals, Managed Security/Service Providers and corporate
 customers to remotely and automatically audit Internet-connected networks for
 security vulnerabilities. Where traditional security monitoring products
 require customers to buy, develop and manage solutions internally, Qualys'
 service platform approach enables immediate, transparent and continuous
 security auditing and risk assessment of global networks, inside and outside
 the firewall. Founded in 1999 by a team of Internet security experts, Qualys
 is headquartered in Redwood Shores, California, with offices in France,
 Germany and the U.K. The company is privately financed by Deutsche Bank ABS
 Ventures, Bessemer Venture Partners, Trident Capital, and VeriSign, the
 leading provider of Internet trust services. For more information about
 Qualys, please visit http://www.qualys.com .
 
                      MAKE YOUR OPINION COUNT - Click Here
                http://tbutton.prnewswire.com/prn/11690X73192965
 
 SOURCE  Qualys, Inc.