[GH-ISSUE #532] Possible Malicious Linux.Xor.DDoS installed #234

New Issue

Closed

opened 2026-06-08 11:26:16 +03:00 by zhus · 2 comments

zhus commented 2026-06-08 11:26:16 +03:00

Owner

Copy Link

Copy Source

Originally created by @audioscavenger on GitHub (Oct 12, 2025).
Original GitHub issue: https://github.com/bootandy/dust/issues/532

cd /tmp
wget https://github.com/bootandy/dust/releases/download/v1.2.3/dust-v1.2.3-x86_64-unknown-linux-gnu.tar.gz

sudo chkrootkit
Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/dust-v1.2.3-x86_64-unknown-linux-gnu/dust

is this a false positive?

Originally created by @audioscavenger on GitHub (Oct 12, 2025). Original GitHub issue: https://github.com/bootandy/dust/issues/532 cd /tmp wget https://github.com/bootandy/dust/releases/download/v1.2.3/dust-v1.2.3-x86_64-unknown-linux-gnu.tar.gz sudo chkrootkit Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/dust-v1.2.3-x86_64-unknown-linux-gnu/dust is this a false positive?

zhus closed this issue 2026-06-08 11:26:16 +03:00

zhus commented 2026-06-08 11:26:16 +03:00

Author

Owner

Copy Link

Copy Source

@bootandy commented on GitHub (Oct 13, 2025):

I hope so.

I have just tried to replicate this and it didn't flag the file as INFECTED.

Does this also happen with v1.2.2 ? Can you upgrade chrootkit ?

<!-- gh-comment-id:3398635643 --> @bootandy commented on GitHub (Oct 13, 2025): I hope so. I have just tried to replicate this and it didn't flag the file as INFECTED. Does this also happen with v1.2.2 ? Can you upgrade chrootkit ?

zhus commented 2026-06-08 11:26:16 +03:00

Author

Owner

Copy Link

Copy Source

@audioscavenger commented on GitHub (Oct 17, 2025):

Man i almost lost my 2TB VPC because it was sending spam, the provider threatened me a little.

chrootkit is latest on ubuntu 20.04 where I installed it. probably false positive but I won't redownload it.
VPC was killed and I reinstalled my sht on a new one. we will never know

<!-- gh-comment-id:3413999742 --> @audioscavenger commented on GitHub (Oct 17, 2025): Man i almost lost my 2TB VPC because it was sending spam, the provider threatened me a little. chrootkit is latest on ubuntu 20.04 where I installed it. probably false positive but I won't redownload it. VPC was killed and I reinstalled my sht on a new one. we will never know

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release

rmbuild

build2

build

config_collapse

maybe_build

up

tweak

bye_bye_directories

deps

return_1

fix_depth_test

stay

style

clean2

upgrade_lib

use_stderr_for_logs

other2

same_dir_names2

same_dir_names

skip_total_bars

i_wanna_go_fast

test

clean_tests

clean_json

aarch_build

kilos2_refactor

kilos2

cargo_update2

aarch_build2

fix2

links

fix_error_on_thread_creation5

fix_error_on_thread_creation4

fix_error_on_thread_creation3

fix_error_on_thread_creation2

fix_error_on_thread_creation

depth_refactor2

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.9.0

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.1-alpha.2

v0.8.1-alpha.1

v0.8.0

v0.7.1.alpha4

v0.7.1.alpha3

v0.7.1.alpha

v0.7.5

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.5.0

v0.4.41

v0.4.4

v0.4.3

v0.4.2

v0.4.1.2

v0.4.1.1

v0.4.0.1

v0.4.0

v0.4.1

v0.3.1

v0.3.0

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.2

untagged-1499119fdec1dec70238

v0.1.1

0.1.0

Labels

Clear labels

good first issue

help wanted

pull-request

Mirrored from GitHub Pull Request

windows help wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

zhus (Sergey Zhukov)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: bootandy/archived-dust#234