
Hacker Defender - Hackdef

Win32/Hackdef (Hacker Defender) is a family of backdoor Trojans, distributed in various ways, that targets certain versions of Microsoft Windows. It is a user-mode rootkit: it creates, alters, and hides Windows system resources (files, processes, services, registry entries) on the infected computer, and it can hide its own proxy service and backdoor functionality, including the TCP and UDP ports on which it receives commands from attackers.

A variant of Win32/Hackdef can be started locally or by a remote process that scans the network for vulnerable computers. A full installation requires access through a local user account that has administrator privileges. After Windows restarts on an infected computer, the Trojan's components can also run under local accounts that do not have administrator privileges.

The variant runs as a process and installs itself as a service. When it starts, it checks for configuration data that holds the parameters for changing settings on the target computer. Those settings determine the rootkit's operations: which system resources to create, alter, and hide; what backdoor functionality to provide and how it is controlled; and which proxy services to offer.

Win32/Hackdef creates mailslots on the infected computer that function as backdoors for exchanging commands and information with attackers. It creates a separate, private mailslot for each attacker, through which that attacker sends the commands that control the Trojan's functionality on the target computer.

Win32/Hackdef uses a driver to run custom code in kernel mode. The driver duplicates process tokens to obtain process-related information, so that the rootkit can alter the behaviour of processes while they run in memory.

Win32/Hackdef saves the original code of multiple Windows system APIs and then patches those APIs in the memory of the processes that have loaded them; the hooked functions can come from several different DLLs. Because the DLL files on disk are left untouched, comparing a function's in-memory bytes with the same bytes in the file on disk is the basic check for this kind of hook.
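The disk-versus-memory comparison described above, as an added example that is not code from the original page or from Hacker Defender itself. It works on plain byte strings so it runs anywhere: on a Windows host you would feed it the exported function's first bytes as read from the live process and the corresponding bytes from the module file. The module layout, function names, addresses and prologue bytes below are constructed for the demonstration, and the code assumes 32-bit x86, the architecture the original rootkit targeted.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A user-mode rootkit in the Hacker Defender mould hooks an API by saving the
# function's first bytes and overwriting them with a detour into its own code.
# The check: read the prologue from the live process, read the same bytes from
# the module on disk, and decode any difference.  Assumption: 32-bit x86 code.


@dataclass
class HookReport:
    function: str
    verdict: str                   # "clean", "modified" or "hooked"
    detour: Optional[str] = None   # detour instruction form, if recognised
    target: Optional[int] = None   # address the detour references
    patched: bytes = b""           # the in-memory bytes that differ from disk


def decode_detour(prologue: bytes, address: int) -> Optional[Tuple[str, int]]:
    """Recognise common x86 detour stubs placed at `address`; return (form, target)."""
    if len(prologue) >= 5 and prologue[0] == 0xE9:                  # jmp rel32
        rel = struct.unpack_from("<i", prologue, 1)[0]
        return "jmp rel32", (address + 5 + rel) & 0xFFFFFFFF
    if len(prologue) >= 6 and prologue[:2] == b"\xFF\x25":           # jmp dword ptr [abs32]
        # Target here is the pointer slot; read 4 bytes there to get the code address.
        return "jmp [abs32]", struct.unpack_from("<I", prologue, 2)[0]
    if len(prologue) >= 6 and prologue[0] == 0x68 and prologue[5] == 0xC3:   # push imm32; ret
        return "push/ret", struct.unpack_from("<I", prologue, 1)[0]
    if len(prologue) >= 7 and prologue[0] == 0xB8 and prologue[5:7] == b"\xFF\xE0":  # mov eax,imm32; jmp eax
        return "mov eax/jmp eax", struct.unpack_from("<I", prologue, 1)[0]
    return None


def classify(name: str, address: int, on_disk: bytes, in_memory: bytes,
             module_base: int, module_size: int) -> HookReport:
    """Compare disk and memory prologues and decide whether a detour left the module."""
    n = min(len(on_disk), len(in_memory))
    if on_disk[:n] == in_memory[:n]:
        return HookReport(name, "clean")
    decoded = decode_detour(in_memory, address)
    if decoded is None:
        # Bytes differ but no detour stub was recognised: could be a base
        # relocation, a vendor hot patch, or a hook form not modelled here.
        return HookReport(name, "modified", patched=in_memory[:n])
    form, target = decoded
    inside = module_base <= target < module_base + module_size
    # A detour that stays inside the module's own image is worth a look but is
    # not by itself a rootkit hook; one that leaves the image almost always is.
    return HookReport(name, "modified" if inside else "hooked", form, target, in_memory[:n])


# Constructed sample layout (not captured from a real infection).
NTDLL_BASE, NTDLL_SIZE = 0x7C900000, 0x000B0000
XP_PROLOGUE = bytes.fromhex("8BFF558BEC")      # mov edi,edi; push ebp; mov ebp,esp


def constructed_samples() -> List[Tuple[str, int, bytes, bytes]]:
    """(function, address, bytes on disk, bytes in memory) tuples, all constructed."""
    rootkit_code = 0x00A01000                  # outside the module image
    hooked = 0x7C901000
    jmp_out = b"\xE9" + struct.pack("<i", rootkit_code - (hooked + 5))
    push_ret = b"\x68" + struct.pack("<I", rootkit_code) + b"\xC3"
    jmp_in = b"\xE9" + struct.pack("<i", 0x7C950000 - (0x7C904000 + 5))
    return [
        ("NtQuerySystemInformation", hooked, XP_PROLOGUE, jmp_out),
        ("NtQueryDirectoryFile", 0x7C902000, XP_PROLOGUE, XP_PROLOGUE),
        ("NtOpenProcess", 0x7C903000, XP_PROLOGUE, push_ret),
        ("NtCreateFile", 0x7C904000, XP_PROLOGUE, jmp_in),
    ]


def scan(samples, base: int = NTDLL_BASE, size: int = NTDLL_SIZE) -> List[HookReport]:
    return [classify(n, a, d, m, base, size) for n, a, d, m in samples]


if __name__ == "__main__":
    for r in scan(constructed_samples()):
        loc = f" -> {r.target:#010x} ({r.detour})" if r.target is not None else ""
        print(f"{r.function:26} {r.verdict:8}{loc}")
```

The three verdicts are deliberate: "clean" needs no attention, "hooked" means a detour leaves the module's image and should be treated as an injected hook, and "modified" collects everything else (in-module jumps, relocations, unrecognised patches) for manual review rather than being silently dropped, since a rootkit that uses an unusual stub would otherwise slip through.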

If Win32/Hackdef is run under a user account that has administrator privileges, it installs system-wide and affects all current and future user sessions. If it is run under a user account that does not have administrator privileges (which cannot install the service or load the driver), it affects only the current and future sessions of that user.

Hacker Defender variants:

Backdoor:Win32/Hackdef.C
Backdoor:Win32/Hackdef.D
Backdoor:Win32/Hackdef.E
Backdoor:Win32/Hackdef.F
Backdoor:Win32/Hackdef.G
Backdoor:Win32/Hackdef.H
Backdoor:Win32/Hackdef.I
Backdoor:Win32/Hackdef.J
Backdoor:Win32/Hackdef.K
Backdoor:Win32/Hackdef.L
Backdoor:Win32/Hackdef.M
Backdoor:Win32/Hackdef.N
Backdoor:Win32/Hackdef.O
Backdoor:Win32/Hackdef.P
Backdoor:Win32/Hackdef.Q
Backdoor:Win32/Hackdef.R
Backdoor:Win32/Hackdef.S
Backdoor:Win32/Hackdef.T
Backdoor:Win32/Hackdef.U
Backdoor:Win32/Hackdef.W
Backdoor:Win32/Hackdef.X
Backdoor:Win32/Hackdef.Y
Backdoor:Win32/Hackdef.Z
Trojan:Win32/Hackdef
VirTool:WinNT/Hackdef.A
VirTool:WinNT/Hackdef.C
VirTool:WinNT/Hackdef.D
VirTool:WinNT/Hackdef.E
Win32/Hackdef.Y
