USA News Releases
Qualys First To Detect And Protect Against New Linux Backdoor Trojan
Provides Free Downloadable Tools To Detect And Cleanse Linux Machines of New "Remote Shell Trojan"
"While no system is perfectly secure, we believe that open source technologies provide the necessary transparency to better protect against security vulnerabilities, especially those related to downloading software from the Internet" said Michael Tiemann, Chief Technology Officer of Red Hat Linux. "We applaud Qualys for delivering these tools as open source software to provide users with a trustable fix to this new security threat."
This new trojan can be disseminated by inconspicuous emails and replicates itself on the infected Linux based system. Similar to Back Orifice on the Windows platform, this Trojan installs a backdoor that listens for incoming connections on UDP port 5503 or higher, enabling remote attackers to connect and take control of the system. Remote Shell Trojan is especially dangerous if a privileged user is launching the infected Linux application. In this case, the attacker connecting to the backdoor inherits the privileged credentials and can completely take over the infected machine.
"In the spirit of open source, Qualys has developed and is freely distributing two standalone tools to detect and eliminate the Remote Shell Trojan on infected machines," said Gerhard Eschelbeck, Vice President, Engineering for Qualys, Inc. "A vulnerability detection signature to reveal the presence of the new trojan has also been integrated into the Qualys online network vulnerability scanning platform, which is used by numerous Managed Security Providers to provide companies with ongoing protection against such security threats."
"With security researchers at multiple sites around the world, Qualys was the first to detect and respond immediately to this Trojan and also to identify that systems are connecting to a third party website during the infection process." added Eschelbeck. Qualys has developed tools to detect and clean the Remote Shell Trojan. The tool named "rst_detector" takes an IP address as a command line parameter and probes a specified remote computer to determine if it has the backdoor installed. The second tool, "rst_cleaner," will be required to clean infected Linux files. These tools can be downloaded for free at https://www.qualys.com/forms/remoteshell.html.
About QualysGuardThe QualysGuard Web Service automates Network Security Audits and Vulnerability Management ensuring the security of information networks. With the highest degree of accuracy, data integrity, scalability, and ease of use, QualysGuard is available in a variety of packages designed to meet the specific needs of enterprises, SMBs, consultants, or managed service providers.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Contact: Megan Lamb