Qualys First to Detect and Protect Against New Linux Backdoor Trojan

Provides Free Downloadable Tools to Detect and Cleanse Linux Machines of New

'Remote Shell Trojan'



Sep 05, 2001, 01:00 ET from Qualys, Inc.

    SUNNYVALE, Calif., Sept. 5 /PRNewswire/ -- Qualys, Inc., a leading
 provider of enterprise network vulnerability assessment and monitoring
 solutions, today announced that its QualysGuard(TM) online vulnerability
 scanning service is the first scanning solution capable of detecting the
 presence of a potentially dangerous new Linux backdoor Trojan identified as
 the Remote Shell Trojan. This Trojan consists of two primary components -- a
 virus-like self replication capability, and the ability to install a backdoor
 process to enable remote attacks on the infected system. Qualys is making
 available a free downloadable tool to probe for the trojan's presence on a
 Linux machine along with a free downloadable fix to cleanse infected files.
 These tools are available at https://www.qualys.com/form_remoteshell.html .
     "While no system is perfectly secure, we believe that open source
 technologies provide the necessary transparency to better protect against
 security vulnerabilities, especially those related to downloading software
 from the Internet," said Michael Tiemann, Chief Technology Officer of Red Hat
 Linux. "We applaud Qualys for delivering these tools as open source software
 to provide users with a trustable fix to this new security threat."
     This new trojan can be disseminated by inconspicuous emails and replicates
 itself on the infected Linux based system. Similar to Back Orifice on the
 Windows platform, this Trojan installs a backdoor that listens for incoming
 connections on UDP port 5503 or higher, enabling remote attackers to connect
 and take control of the system. Remote Shell Trojan is especially dangerous if
 a privileged user is launching the infected Linux application. In this case,
 the attacker connecting to the backdoor inherits the privileged credentials
 and can completely take over the infected machine.
     "In the spirit of open source, Qualys has developed and is freely
 distributing two standalone tools to detect and eliminate the Remote Shell
 Trojan on infected machines," said Gerhard Eschelbeck, Vice President,
 Engineering for Qualys, Inc. "A vulnerability detection signature to reveal
 the presence of the new trojan has also been integrated into the Qualys online
 network vulnerability scanning platform, which is used by numerous Managed
 Security Providers to provide companies with ongoing protection against such
 security threats."
     "With security researchers at multiple sites around the world, Qualys was
 the first to detect and respond immediately to this Trojan and also to
 identify that systems are connecting to a third party website during the
 infection process," added Eschelbeck.
     Qualys has developed tools to detect and clean the Remote Shell Trojan.
 The tool named "rst_detector" takes an IP address as a command line parameter
 and probes a specified remote computer to determine if it has the backdoor
 installed. The second tool, "rst_cleaner," will be required to clean infected
 Linux files. These tools can be downloaded for free at
 https://www.qualys.com/form_remoteshell.html .
 
     About Qualys, Inc.
     Qualys, Inc. is a leading provider of network assessment and monitoring
 solutions, enabling Managed Security Providers, security professionals and
 corporate customers to remotely and automatically audit Internet-connected
 networks for security vulnerabilities. Where traditional security monitoring
 products require customers to buy, develop and manage solutions internally,
 Qualys' service platform approach enables immediate, transparent and
 continuous security auditing and risk assessment of global networks, inside
 and outside the firewall. Founded in 1999 by a team of Internet security
 experts, Qualys is headquartered in Sunnyvale, California, with offices in
 France, Germany and the U.K. The company is privately financed by Deutsche
 Bank ABS Ventures, Bessemer Venture Partners, Trident Capital, and VeriSign,
 the leading provider of Internet trust services. For more information about
 Qualys, please visit www.qualys.com.
 
                     MAKE YOUR OPINION COUNT -  Click Here
                http://tbutton.prnewswire.com/prn/11690X78420832
 
 

SOURCE Qualys, Inc.
    SUNNYVALE, Calif., Sept. 5 /PRNewswire/ -- Qualys, Inc., a leading
 provider of enterprise network vulnerability assessment and monitoring
 solutions, today announced that its QualysGuard(TM) online vulnerability
 scanning service is the first scanning solution capable of detecting the
 presence of a potentially dangerous new Linux backdoor Trojan identified as
 the Remote Shell Trojan. This Trojan consists of two primary components -- a
 virus-like self replication capability, and the ability to install a backdoor
 process to enable remote attacks on the infected system. Qualys is making
 available a free downloadable tool to probe for the trojan's presence on a
 Linux machine along with a free downloadable fix to cleanse infected files.
 These tools are available at https://www.qualys.com/form_remoteshell.html .
     "While no system is perfectly secure, we believe that open source
 technologies provide the necessary transparency to better protect against
 security vulnerabilities, especially those related to downloading software
 from the Internet," said Michael Tiemann, Chief Technology Officer of Red Hat
 Linux. "We applaud Qualys for delivering these tools as open source software
 to provide users with a trustable fix to this new security threat."
     This new trojan can be disseminated by inconspicuous emails and replicates
 itself on the infected Linux based system. Similar to Back Orifice on the
 Windows platform, this Trojan installs a backdoor that listens for incoming
 connections on UDP port 5503 or higher, enabling remote attackers to connect
 and take control of the system. Remote Shell Trojan is especially dangerous if
 a privileged user is launching the infected Linux application. In this case,
 the attacker connecting to the backdoor inherits the privileged credentials
 and can completely take over the infected machine.
     "In the spirit of open source, Qualys has developed and is freely
 distributing two standalone tools to detect and eliminate the Remote Shell
 Trojan on infected machines," said Gerhard Eschelbeck, Vice President,
 Engineering for Qualys, Inc. "A vulnerability detection signature to reveal
 the presence of the new trojan has also been integrated into the Qualys online
 network vulnerability scanning platform, which is used by numerous Managed
 Security Providers to provide companies with ongoing protection against such
 security threats."
     "With security researchers at multiple sites around the world, Qualys was
 the first to detect and respond immediately to this Trojan and also to
 identify that systems are connecting to a third party website during the
 infection process," added Eschelbeck.
     Qualys has developed tools to detect and clean the Remote Shell Trojan.
 The tool named "rst_detector" takes an IP address as a command line parameter
 and probes a specified remote computer to determine if it has the backdoor
 installed. The second tool, "rst_cleaner," will be required to clean infected
 Linux files. These tools can be downloaded for free at
 https://www.qualys.com/form_remoteshell.html .
 
     About Qualys, Inc.
     Qualys, Inc. is a leading provider of network assessment and monitoring
 solutions, enabling Managed Security Providers, security professionals and
 corporate customers to remotely and automatically audit Internet-connected
 networks for security vulnerabilities. Where traditional security monitoring
 products require customers to buy, develop and manage solutions internally,
 Qualys' service platform approach enables immediate, transparent and
 continuous security auditing and risk assessment of global networks, inside
 and outside the firewall. Founded in 1999 by a team of Internet security
 experts, Qualys is headquartered in Sunnyvale, California, with offices in
 France, Germany and the U.K. The company is privately financed by Deutsche
 Bank ABS Ventures, Bessemer Venture Partners, Trident Capital, and VeriSign,
 the leading provider of Internet trust services. For more information about
 Qualys, please visit www.qualys.com.
 
                     MAKE YOUR OPINION COUNT -  Click Here
                http://tbutton.prnewswire.com/prn/11690X78420832
 
 SOURCE  Qualys, Inc.