Re: Remote Shell Trojan: Threat, Origin and the Solution

From: Patrick Andry (
Date: 09/10/01

Message-ID: <>
Date: Mon, 10 Sep 2001 13:38:40 -0400
From: Patrick Andry <>
Subject: Re: Remote Shell Trojan: Threat, Origin and the Solution

Kevin Gagel wrote:

>Has any expert c programers examined the c code to see if it actually
>does what the remarks say?
>I am suspicious of anything that is posted anonymously no matter how
>well it's documented. I
>don't know C well enough to tell if the documentation is accurately
>portraying what the code is
>really doing.
>If it's not then this a one very well crafted "socially engineered"
The best I can tell, it isn't reading in any weird strings. The most it
looks like it's doing is removing parts of the file in 4k chunks.
Can anyone else verify this?

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:

Relevant Pages

  • Re: Is promiscuous mode bad?
    ... >I am currently running Snort. ... I will examine its documentation to see if ... >promiscuous mode is really necessary. ... >assuming the only threat is from local users? ...
  • Re: Threat Analysis and Threat Trees
    ... > good references, sites, books, papers, journals, et. al. ... > I am looking for data on threat analysis, threat trees, vulnerabilities, ... There is also the Common Criteria documentation or the Orange ... pieces of documentation ("secure programming" books cover another, ...
  • Re: [PATCH 01/19] User-space API definition
    ... Could you explain that in the documentation, ... crypto, explaining when something should be used, what the threat ... threats and design goals of this ...
  • Re: Penetration testing scope/outline
    ... For documentation outlining a lot of what you might be looking for, I'd recommend you check out the Open Source Security Testing Methodology Manual (OSSTMM) at ... > Internet Security Systems. ... - Keeping You Ahead of the Threat ...