UPDATED: Hutizu and Linux/Bckdr-RKC now have limited detection

UPDATE: The latest news on Linux/Bckdr-RKC (.xsyslog) and Hutizu (.ssyslog) can be viewed HERE, including newest detection statistics.  Thanks!


It's been approximately 2 months since the original discovery of Linux/Bckdr-RKC.

This Linux trojan is still undetected, according to VirusTotal.com.


Virustotal: .xsyslog
Virustotal: .ssyslog


In fact, it would appear that even Sophos is no longer detecting this trojan.

I have resubmitted the file to multiple antivirus vendors, in hopes that they may pay attention to my submission this time.

For those who aren't familiar with this trojan, an anonymous internet user has taken the time to put together a Pastebin post highlighting my research on this trojan.  http://pastebin.com/DwtX9dMd

I'd also like to take the time to point out that you can view the decompiled source of this trojan at my malware research Google code project: http://code.google.com/p/caffsec-malware-analysis/

Keep fighting the good fight.

2 comments:

  1. Have you tried to scan this file on Metascan Online? It has some alternate engines from VT: http://www.metascan-online.com.
  2. Thanks Jeff! I'm actually hoping to perform another upload and see if any detection signatures have changed in the very near future. I will definitely use that site for scanning as well.

    -Ken