Penetration Testing mailing list archives
Re: Backdoor:Win32/Hackdef.E
From: Marco Monicelli <marco.monicelli () marcegaglia com>
Date: Thu, 27 Oct 2005 09:01:57 +0200
Dear Alex,

that is not really a simple trojan.... it's a Windows Rootkit and its name is Hackdefender. You can gather much useful information about it on www.rootkits.com.

It's a smart rootkit which uses a technique based on changing words inside the rootkit's files in order to fool AV. And I must admit it does the job pretty well, but it's now too famous around so AV should be now updated to recognize it or at least a standard version (it can be customized to become undetected).

For your fun and knowledge, here's a link to an AVI file which shows you how it beats the AV defences.

http://rapidshare.de/files/6816080/hxdef_defeating_modern_detectors.rar.html

Cheers

Yog-Sotho

After installing October's MS Malicious Software Removal tool, a couple of servers, one behind a Sonicwall TZ170 firewall, have shown the presence of Win32/Hackdef.E and Win32/Hackdef.T. With the MS tool they have been removed.

Has anyone had any experience with that trojan in terms of detecting payload etc? Is there a security scanner to check for that specific vulnerability?

Thanks

Alex
Current thread:
- Backdoor:Win32/Hackdef.E Alex Stender (Oct 26)
- Re: Backdoor:Win32/Hackdef.E Marco Monicelli (Oct 27)
- <Possible follow-ups>
- Re: Backdoor:Win32/Hackdef.E arif . jatmoko (Oct 26)
- Re: Backdoor:Win32/Hackdef.E Marco Monicelli (Oct 27)
- RE: Backdoor:Win32/Hackdef.E Jeffrey Leggett (Oct 27)