The Linux/Rst.a virus was discovered in January 2002.
The virus is a direct-action virus, when executed, it will try to infect ELF binary executable files in the /bin directory and current directory.
Infected files have their date and time stamps changed to the moment the infection occurs.
Infected files have their filesize increased, dependent on system settings but on average 6973 bytes (decimal) are added. The virus changes the file's entrypoint (where the program code starts) and inserts its viral code. The virus is making use of anti-debugging techniques to make disassembly harder.
Apart from infecting ELF binary files, the virus tries to make the system vulnerable to remote usage by attackers. When a package send by attackers is received, the virus creates a connection and attackers can abuse a remote shell.
Note that the virus doesn't make use of a vulnerability to gain higher permissions like root rights so the infection will not be successfull for regular users.
||Minor differences, infected ELF binary files have their filesize
increased with 4096 bytes (decimal).