New Backdoor Virus: Linux.BackDoor.Dklkt.1

Good Morning,

We do indeed have detection for this Linux Backdoor. Dectection was added on the 27th July.

Thanks

Mark

Hi ,

According to Virus Total, Sophos doesn't have detection for this yet as of 2015-07-28 07:47:28 UTC. See Virus Total report here. Please let us know if you have an updated analysis that we can refer to. Thanks!

I suspect Virus Total are not using the same version.  Our Labs informed me that the SAV for Linux has dectection (Mal/Generic-S)

I will get them to ensure the IDE files are updated accordingly (which they will be automatically)

Hi ,

Thank you for your quick replies. We just want to make sure that once this newly discovered threat arrived on our network, we are confident that Sophos can block it.

The following details may also help in making sure that Sophos can detect the file once it arrived on our network. Here are the threat details I found in Virus Total:

MD5: 464dc38c776724b9ec931480419dcf64

SHA1: bd24972a8e34bbd2e7f3b58d6d7fd1a94efa7355

SHA256: 2b1c87e92d1f97ed3b2926a25c4cc31a2d756f6ae712052bee9d777c678c7ad2

File name: file-7105748_exe, Server.exe

Do you have a threat page which could serve as a reference that you do have detection for this newly discovered backdoor? And will this detection be applicable both in Linux and Windows machines where it was reportedly capable of infecting?

Again, thank you very much for your support. Looking forward for your response.

Regards,

Morning,

Thank you for posting information, you can find information about threats and detections on the SophosLabs website https://www.sophos.com/en-us/threat-center/threat-analyses.aspx.

This one in particular is here https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Linux~Dklkt-A.aspx

Thanks

Mark

Thanks ! This is what I really needed.

Also, can you provide as well our detection for the Windows variant? This one is for Linux. On the reports, it says that this backdoor can also infect Windows systems.