Comments on How To Check If Your Server Is Infected With The Linux/Rst-B Backdoor (Debian Etch)

How To Check If Your Server Is Infected With The Linux/Rst-B Backdoor (Debian Etch) Linux Rst-B is a backdoor that can be used to add your server to botnets (see http://www.heise.de/newsticker/meldung/103563 (in German)). This short guide explains how you can install and use the Sophos Linux/RST-B detection tool to check your Debian Etch server and find out if it is infected with Linux Rst-B.

2 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By:
Reply  

Why isn't this issue listed in CERT?  Is it that new?

 http://search.cert.org/query.html?col=general&col=history&col=orgsec&col=response&col=secsys&col=sftassur&col=training&qt=rst-b&charset=iso-8859-1

By:
Reply  

No, it's not new, it's over 6 years old. The author seems to have missed the point of the original press release published by Sophos - http://www.sophos.com/pressoffice/news/articles/2008/02/rstbtool.html, which is that the Rst-B virus is a secondary infection which the more up-to-date tools that hackers are using are infected with (probably wihout realising)