Let's take a look at current detection statistics for Linux/Bckdr-RKC. The newer variant has been named the Hutizu backdoor by antivirus vendors.
.xsyslog - the original file placed on my honeypot
Commonly known as Linux/Bckdr-RKC or Linux/PKC

Metascan: 1/25 detection
http://www.metascan-online.com/results/ue9v7uz2yv9wvb36mdwr2s9hg3hss792
    Fortinet detects as Linux/PKC.A!tr.bdr

VirusTotal: 0/43 detection
https://www.virustotal.com/file/ce62318acfb28e7ad5c915b0bb7cbc256b5c682097d33d1a002ff856b21d7324/analysis/1332284106/

VirScan: 3/36 detection
http://r.virscan.org/report/a6769c90a8c3d519201c6cdee60eea5b.html
    Fortinet detects as Linux/PKC.A!tr.bdr
    Kaspersky detects as Backdoor.Linux.PKC.a
    Sophos detects as Linux/Bckdr-RKC

.ssyslog - the newer variant
Commonly known as "Hutizu"

Metascan: 3/25 detection
http://www.metascan-online.com/results/szab3gp39d91byh3z3ebuz64utld97m0
    ArcaVir detects as Linux.Hutizu.a
    Fortinet detects as Linux/Hutizu.A!tr.bdr
    Ikarus detects as Backdoor.Linux.Hutizu

VirusTotal: 7/43 detection
https://www.virustotal.com/file/414a142016cab43d85c7b85a61426f0d3e3c2e04b9c3a9b94d88925593aaf49b/analysis/1332284644/
    Comodo detects as UnclassifiedMalware
    Emsisoft detects as Backdoor.Linux.Hutizu!IK
    Fortinet detects as Linux/Hutizu.A!tr.bdr
    Ikarus detects as Backdoor.Linux.Hutizu
    Jiangmin detects as Backdoor/Linux.ab
    Kaspersky detects as Backdoor.Linux.Hutizu.a
    Sophos detects as Linux/Hutizu-A

VirScan: 8/36 detection
http://r.virscan.org/report/dac52b25964a8614bb02e119e828575c.html
    a-squared detects as Backdoor.Linux.Hutizu!IK
    ArcaVir detects as Linux.Hutizu.a
    Comodo detects as UnclassifiedMalware
    Fortinet detects as Linux/Hutizu.A!tr.bdr
    Ikarus detects as Backdoor.Linux.Hutizu
    Jiangmin detects as Backdoor/Linux.ab
    Kaspersky detects as Backdoor.Linux.Hutizu.a
    Sophos detects as Linux/Hutizu-A
This is good news, as it means antivirus vendors are starting to detect this malware. The bad news is that only a small fraction of them detect it so far, so a system relying on AV alone could still miss either variant.