linux poison RSS
linux poison Email

Linux virus (Linux/Rst-B) can make intruders to gain access to systems

A six-year old Linux virus is still in circulation, and Sophos suspects the high uptime exhibited by servers (compared with the typical home or office Windows PC that spends much of the day switched off or asleep) makes them valuable to bot-herders as central control points.

Sophos has created a detection tool specifically for this virus, and encourages administrators to use it and then forward any infected files to SophosLabs for analysis.

"If you don't find Linux/Rst-B on your system, it's good news but obviously doesn't mean that you are not infected with something else, said Billy McCourt, SophosLabs UK.

"I'd encourage you to at least do regular on-demand scans on your Linux box but ideally run an on-access scanner."

A previous analysis by McCourt suggested that Rst-B infections are not being used by intruders to gain access to systems, rather they occur as a side-effect of already-infected hacking tools being downloaded onto servers once a foothold has been gained.

"The number of malware in existence is around 350,000, and while only a teeny number of these target Linux, it seems as though hackers are taking advantage of this false sense of security," said Carole Theriault, senior security consultant at Sophos.

Sophos sells an on-access scanner for Linux. Alternatives include the AVG and Avast products for Linux, as well as software that works with the popular ClamAV to provide on-access scanning.


Anonymous said...

A good place to learn how to increase your defenses. Note most rst-b were left after a system was already compromised.

Post a Comment

Related Posts with Thumbnails