Educause Security Discussion mailing list archives
Hacker defender is sophisticated
From: "Wayne J. Hauber" <wjhauber () IASTATE EDU>
Date: Wed, 24 Nov 2004 08:16:59 -0600
I have been working with a server administrator for the better part of a week. One of his systems was compromised by one of the most sophisticated trojan protection schemes that I have seen. The trojan was using "Hacker Defender" to block detection. This scheme:

1. blocked several ports from detection by netstat or tcpview
2. hid all running executables from detection by the task manager or process explorer
3. hid registry entries from detection by any registry editor
4. hid files in the file system from detection by any program

We ultimately found the files and thought we had the system cleaned, but it rebuilt itself as soon as we provided a network connection. This author put his ftp server on port 116. There was a slew of other ports that were open.

I did a search on "hacker defender" and found that the first hit on Google is the author's web site. It includes a sophisticated discussion in several white papers on how to circumvent many security tools. The author offers to customize his work for your trojan for the number of euros in a price schedule that he has published.

It is pretty scary stuff!

Wayne Hauber (515) 294-9890
Network Information & Microcomputer Network Services
Office of Academic Information Technologies
109 Durham Center, ISU, Ames, Iowa 50011
wjhauber () iastate edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
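An added example, not part of the original post: a cross-view check for the symptom in item 1, comparing what the suspect host's own netstat reports against the ports seen open from another machine. The netstat text, addresses and scan result are constructed sample data; port 116 is the FTP port mentioned in the message.

```python
import re

# Constructed sample: `netstat -an` output as reported by the suspect Windows host.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:445         192.0.2.77:1042        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

# Constructed sample: TCP ports found open on the same host from a second,
# trusted machine on the network (the view a host-level hook cannot alter).
EXTERNAL_OPEN_TCP = {116, 135, 139, 445}

# Matches TCP listener rows for IPv4 ("0.0.0.0:135") and IPv6 ("[::]:135").
LISTEN_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def local_listeners(netstat_text):
    """Return the set of TCP ports the host itself reports as LISTENING."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_ROW.match(line)
        if m:
            ports.add(int(m.group(2)))
    return ports

def cross_view(netstat_text, external_open):
    """Compare the host's own view with the outside view.
    hidden: reachable from the network but absent from netstat (suspicious).
    unreachable: listed locally but not seen from outside (usually filtering)."""
    local = local_listeners(netstat_text)
    return {"hidden": sorted(external_open - local),
            "unreachable": sorted(local - external_open)}

if __name__ == "__main__":
    result = cross_view(NETSTAT_SAMPLE, EXTERNAL_OPEN_TCP)
    for port in result["hidden"]:
        print(f"TCP {port}: open from outside, not reported by the host")
    for port in result["unreachable"]:
        print(f"TCP {port}: reported by the host, not reachable from outside")
```

A port in the "hidden" list means the host's own tools disagree with the network, which is the discrepancy the message describes; the same comparison applies to process, registry and file listings taken from inside the running system versus from offline media.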