This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

UPDATED: Hutizu and Linux/Bckdr-RKC now have limited detection

UPDATE: The latest news on Linux/Bckdr-RKC (.xsyslog) and Hutizu (.ssyslog) can be viewed HERE, including newest detection statistics.  Thanks!


It's been approximately 2 months since the original discovery of Linux/Bckdr-RKC.

This Linux trojan is still undetected, according to VirusTotal.com.


VirusTotal: .xsyslog
VirusTotal: .ssyslog


In fact, it would appear that even Sophos is no longer detecting this trojan.

I have resubmitted the file to multiple antivirus vendors, in hopes that they may pay attention to my submission this time.

For those who aren't familiar with this trojan, an anonymous internet user has taken the time to put together a Pastebin post highlighting my research on this trojan: http://pastebin.com/DwtX9dMd

I'd also like to take the time to point out that you can view the decompiled source of this trojan at my malware research Google Code project: http://code.google.com/p/caffsec-malware-analysis/

Keep fighting the good fight.

CaffSec SITREP - Cyber Intelligence for the masses

Leveraging the power of Google Alerts, I have started posting relevant news articles, public exploit releases, and other tidbits of information related to Cyber Security and Information Assurance.

The best way to keep you and your organization prepared for unknown threats is to keep tabs on the current state of the security of the internet.

There are currently three ways to view SITREP messages:

Twitter, following @CaffSec
Tumblr through the CaffSec SITREP blog
The CaffSec Daily SITREP Online Newspaper

Please enjoy these valuable resources!

New @CaffSec Twitter Feature: #exploitAlert

I've taken the Google Alert "zero day" exploit feed and created automated Twitter notifications.

You can get updated #exploitAlert notifications by following my Twitter account, @CaffSec.

The feed currently monitors Pastebin for new exploits. Expect additional feeds soon!