RST.b

from Wikipedia, the free encyclopedia

RST.b is a computer virus for Linux . The information about the discovery varies between late 2001 and early 2002.

Infection

An infection can be recognized by file changes. The manufacturer Sophos offers a tool for detection.

When RST.b is executed, it tries to infect all files in the / bin directory and the current directory. The virus stamps the date information on the files with the date of the infection and increases it to 4096 bytes. If the virus is run with root privileges, it creates a back door .

One of the ways the virus was spread was by getting onto the computer with infected software. A Korean Mozilla download mirror offered an infected version of Firefox for download, and a diagnostic program from the BIOS and motherboard manufacturer American Megatrends was also offered infected for download on the manufacturer's website. At least one version of the Lupper worm was infected with the virus.

Individual evidence

  1. http://www.symantec.com/security_response/writeup.jsp?docid=2004-052312-2729-99
  2. https://www.heise.de/security/meldung/Mozilla-Mirror-lieferte-infierter-Software-aus-Update-131895.html
  3. https://www.heise.de/security/meldung/Mozilla-Mirror-lieferte-infierter-Software-aus-Update-131895.html
  4. http://www.pro-linux.de/artikel/2/543/endung-des-virus-linuxrst-b.html
  5. https://www.heise.de/security/meldung/Mozilla-Mirror-lieferte-infierter-Software-aus-Update-131895.html
  6. https://www.heise.de/newsticker/meldung/Virus-auf-Download-Seiten-eines-Board-Herstellers-Update-130809.html