Re: Remote Shell Trojan: Threat, Origin and the Solution

From: Kevin Gagel (Gagel@cnc.bc.ca)
Date: 09/10/01


Message-ID: <3B9CDD69.497A9D34@cnc.bc.ca>
Date: Mon, 10 Sep 2001 08:34:01 -0700
From: Kevin Gagel <Gagel@cnc.bc.ca>
To: rst@coders.com
Subject: Re: Remote Shell Trojan: Threat, Origin and the Solution

Have any expert C programmers examined the C code to see if it actually
does what the remarks say?
I am suspicious of anything that is posted anonymously no matter how
well it's documented. I don't know C well enough to tell if the
documentation is accurately portraying what the code is really doing.

If it's not, then this is one very well crafted "socially engineered"
virus...

> RST was developed by us as a research project and intended only for internal

> go as they were intended to go. An infected binary accidentally leaked out our

> the public. But this might eventually get reverse engineered in the future and
> RST can then be actively abused by other people.
>
> Solution:
>
> We have created a set of utilities which can recursively detect and remove the
> virus from the system. It also has the option to make binaries IMMUNE for future

> % perl Recurse.pl remove
>
> For more information regarding this read the included documentation.
>
> Conclusion:

> Regards,
> - anonymous
>
> ------------------------------------------------------------------------
> Name: kill_rst.tgz
> kill_rst.tgz Type: WinZip File (application/x-compressed)
> Encoding: base64
> Description: Kill the beast!

-- 
=============================
Kevin W. Gagel
Network Administrator
College of New Caledonia
gagel@cnc.bc.ca
(250)561-5848 loc. 448
=============================
--------------------------------
The College of New Caledonia
Visit us at http://www.cnc.bc.ca
--------------------------------

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com


