Supplies Free Detection and Cleansing Tools to Prevent Exploits of New Threat
Redwood City, Calif. — January 9, 2002 — Qualys, Inc., a leader in Managed Vulnerability Assessment, announces the detection and analysis of a new and potentially dangerous Remote Shell Trojan, referenced as RST.b, with backdoor and self-replicating functionality. Machines can become infected through binary email attachments or downloaded files. RST.b then installs a backdoor that listens for network traffic coming through any UDP port, making this trojan different from, and significantly more dangerous than, the Remote Shell Trojan identified earlier by Qualys in September 2001. RST.b detection and cleansing tools are available at https://www.qualys.com/forms/remoteshellb.html.
Once infected with RST.b, systems start listening for network traffic on any UDP port. To activate the backdoor, attackers send specially crafted UDP packets that launch arbitrary commands, which can scour the system for sensitive data or vandalize or completely destroy the files on the infected host. RST.b also has self-replicating capabilities, making it likely to spread across binary files on the infected host, a function that has previously been used in trojans and viruses affecting other operating systems, including Microsoft Windows. Another dangerous aspect of RST.b is that it allows hackers to query the Internet and find infected systems, increasing the speed and likelihood of exposure.
“As a leading provider of security threat management solutions, SecurityFocus alerts the community about potentially dangerous network threats,” said Ryan Russell, Incident Analyst for SecurityFocus. “SecurityFocus appreciates the contribution Qualys has made to the community by providing the analysis required to combat the RST.b virus as well as their diligence in developing tools to help organizations eliminate exposed or infected systems.”
“The most significant worry with RST.b is its unique ability to receive and execute payloads through the network, making it a threat to even the most secured hosts,” explained Gerhard Eschelbeck, Vice President of Engineering at Qualys. “On a positive note, during our analysis, we discovered programming errors in the virus trojan code that limit RST.b capabilities to self-replicate as efficiently as intended,” Eschelbeck continued.
Free RST.b detection and cleansing tools are available at https://www.qualys.com/forms/remoteshellb.html. A vulnerability detection signature will be uploaded into the QualysGuard online network vulnerability scanning service so customers can understand their exposure level and protect against a potential attack. Users may also run a free vulnerability scan of their entire perimeter from Qualys at the same address.
“With the increased adoption of Linux, more trojans such as RST.b will likely surface and have a greater impact than we’ve experienced before,” explained Allan Carey, senior analyst from IDC. “Qualys is committed to sharing these discoveries with the security community, delivering a valuable service to help administrators manage the never-ending responsibilities associated with maintaining a secure network.”
Delivered over the Internet, the QualysGuard service removes the need for specialized customer-premise software and ensures that users are able to detect the latest network vulnerabilities as they emerge. The online solution uses a constantly updated database of vulnerability signatures covering over three hundred applications on twenty different platforms. QualysGuard also validates adherence to, and the effectiveness of, existing policies and baseline security procedures. After each scan, data center administrators are provided with concise summaries of every security risk and suggestions for corrective action. State-of-the-enterprise reports and historical trend analysis are generated for Chief Security or Information Officers.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.