Security news13 February 2008
Six year anniversary for Linux virus Rst-B - are you infected? Sophos makes available detection tool for Linux users
IT security and control firm Sophos is warning Linux users of the importance of properly securing their Linux systems, following findings from SophosLabs™ that a long established threat, known as Linux/Rst-B, is still infecting computers and servers.
Analysis of malware in Sophos's Linux honeypots have shown almost 70 percent of the infections are due to this six-year-old malicious program. Today, SophosLabs has made freely available a small detection tool to help Linux users find out whether they are unwittingly infected with this virus.
Linux servers are very valuable to hackers, according to SophosLabs experts. Servers, by their nature, are rarely turned off and often found to be running no or insufficient protection against malware attacks. This makes the Linux systems ideal candidates for the role of controller in a botnet - the central control point when creating and managing an army of infected computers, known as bots or zombies. Where Linux systems are most often found to be running as a server, Windows machines, are more frequently used at home or as a desktop machine in an office, and these computers are regularly switched off. This makes them less attractive as controllers, but ideal as bots or zombies.
Hackers typically gain control via weak SSH password or some other vulnerability. Once in, they install IRC based malware and use IRC channels to control their bots.
"The number of malware in existence is around 350,000, and while only a teeny number of these target Linux, it seems as though hackers are taking advantage of this false sense of security," said Carole Theriault, senior security consultant at Sophos. "It was very surprising to see that a six-year-old virus seems to be responsible for a large proportion of the malware collating in our Linux honeypot, and we hope that Linux users who aren't running security will at least run this tool to find out if they are infected with this granny virus."
Information on the Linux/Rst-B detection tool is available on the SophosLabs blog. Sophos underlines that running the detection tool will only detect versions of Linux/Rst-B.
Sophos encourages all Linux users to consider running an up-to-date anti-virus to ensure the integrity of their computers and servers is not compromised.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
