Re: Remote Shell Trojan: Threat, Origin and the Solution

From: Kevin Gagel (
Date: 09/10/01

Message-ID: <>
Date: Mon, 10 Sep 2001 08:34:01 -0700
From: Kevin Gagel <>
Subject: Re: Remote Shell Trojan: Threat, Origin and the Solution

Has any expert c programers examined the c code to see if it actually
does what the remarks say?
I am suspicious of anything that is posted anonymously no matter how
well it's documented. I
don't know C well enough to tell if the documentation is accurately
portraying what the code is
really doing.

If it's not then this a one very well crafted "socially engineered"

> RST was developed by us as a research project and intended only for internal

> go as they were intended to go. An infected binary accidentely leaked out our

> the public. But this might eventually get reverse engineered in the future and
> RST can then be actively abused by other people.
> Solution:
> We have created a set of utilities which can recursively detect and remove the
> virus from the system. It also has the option to make binaries IMMUNE for future

> % perl remove
> For more information regarding this read the included documentation.
> Conclusion:

> Regards,
> - anonymous
> ------------------------------------------------------------------------
> Name: kill_rst.tgz
> kill_rst.tgz Type: WinZip File (application/x-compressed)
> Encoding: base64
> Description: Kill the beast!

Kevin W. Gagel
Network Administrator
College of New Caledonia
(250)561-5848 loc. 448
The College of New Caledonia
Visit us at

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: