ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Online business Toolkit

Linux world dismisses new Trojan risk

Wendy McAuliffe ZDNet.co.uk

Published: 04 Jan 2002 17:51 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A Remote Shell Trojan (RST) is making its way around the Linux community, but security experts say it should not pose a risk if users are vigilant with the programs they run.

The Trojan is a more complex variant of an earlier RST that hit Linux systems last October. In order to propagate, RST.b requires a user to run an infected binary, which then opens up a remote shell and allows an attacker to access the machine.

Linux distributor Red Hat is categorising RST.b as a low risk. The variant requires a root user to download the malformed binary in order for the Trojan to run, which is less likely to happen on Linux machines as it products are designed to keep partitions on what users can do.

"On Linux a lot of packages are digitally signed and come with their own source code, which makes it a lot harder for a trojan to attach itself, and ensures that the product is not affected during transit," said Mark Cox, senior director of engineering at Red Hat.

The virus replaces the start address in the Executable and Linking Format headers with an address that points to its code. When an infected program is run it is re-directed to the virus code. According to researchers at lockeddown.net, a parent string forks off to the real start address and runs the normal code while a child string "takes care of the evil stuff".

Trojan horses designed to attack Linux systems are rare. Viruses that exploit vulnerabilities in Microsoft Windows are fairly common, but according to Red Hat, the popular Apache Web server has not had any vulnerabilities that would allow remote access for two years. "The risk factor is a lot lower than IIS (Internet Information Server) for example," said Cox.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
18 out of 65 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Online business



Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

Risk Java Developer Required -Financial Organisation in Warwickshire

ETRM CONSULTANT, Risk consultancy, London - 50,000 to 75,000

Application Support - Risk Systems Trading House Perm SQL Unix London

Sentry Posts Blog

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Government launches new e-crime unit

Ok, so this is outside of my main area of focus of sustainable and green tech but I do track some security issues too. I was at a meeting last week with Microsoft's security advisor... More

Post a comment