Article title: The New Linux Trojan virus RST. B is emerging. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Security experts have warned that a new, more dangerous remote control virus that specifically attacks Linux systems has emerged, but they do not expect the malicious code program to be widely spread.
According to a preliminary analysis by security experts, the new smarter Trojan is a variant of the RST Trojan (Remote Shell Trojan) launched in last September, which is specially infected with program files on Linux systems. Compared with the original RST, the new variant is designed to infect binary files on Linux ELF files. it can create a backdoor program in the infected system, allowing remote attackers to create a fully-customized system.
The latest variant was first obtained by Qualys, a security management provider, at the end of last month. they named the new Trojan virus RST. B and said they would launch a removal tool next week.
However, experts pointed out that RST. B is more harmful than its predecessors because it contains a payload that can turn infected machines into network sniffer. After the infected machine becomes a sniffer, it can identify the virus and open some communication ports. Security expert Eschelbeck said: "The sniffer function is to allow backdoor programs to listen to any information packets from any type of UDP port. This seems interesting but dangerous ."
However, Qualys's discovery of the new virus is a bit different from the Lockdown of the security research organization. According to the Lockdown analysis, the new virus is less dependent on the external gateway protocol (EGP) than the user data packet Protocol (UDP ). They said the virus exists in a system called wargame box, which specializes in hacker attack experiments. The RST of the variant tries to connect to port 80 on the iGlobalSales. Com server of the Washington and Seattle websites, apparently uploading the Internet address of the infected system.
The virus is transmitted by running infected programs from accounts with root-directory permissions. Once running, the infected program tries to infect all ELF files on the local system. However, unlike Windows virus, which exploits the vulnerability in Microsoft Outlook mail program, this new RST variant cannot be widely transmitted. In addition, although many Linux users do not install anti-virus software, they pay great attention to system security and do not open executable files in the email attachments.
However, this does not mean that the virus cannot spread. it will attach the virus to some useful programs, such as tool software with security vulnerabilities, and the virus will entice users to run it. Moreover, malicious users upload the virus to the download library of Linux. If the new Trojan is uploaded to a very popular download site, the situation will be worse. Many users not only download the virus source code, but also many infected binary files.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
