Penetration Testing mailing list archives

Re: Backdoor:Win32/Hackdef.E

From: arif.jatmoko () sea ccamatil com
Date: Thu, 27 Oct 2005 10:03:35 +0700




I think most AV software capable to detect this trojan / backdoor /
rootkit. If M$ removal tool has detected hackdef rootkit, you could cross
check your finding using AV software:
Kaspersky ==> Backdoor.HacDef.xxx
TrendMicro ==> BKDR_HACDEF.xx
CA ==> Win32.HacDef
Symantec ==> Backdoor.HackDefender
McAfee ==> HackerDefender
F-Secure ==> W32/HD.Rootkit.xx

Cheers,
Arif

|+---------------+---------------------------------|
||   Alex Stender|                                 |
||   <alex.stende|           To:                   |
||   r () gmail com>|   pen-test () securityfocus com    |
||               |           cc:        (bcc: Arif |
||   10/27/2005  |   Jatmoko/IDN/SEA/CCA)          |
||   01:19 AM    |           Subject:              |
||               |   Backdoor:Win32/Hackdef.E      |
||               |                                 |
|+---------------+---------------------------------|






After installing October's MS Malicious Software Removal tool, a
couple of server, one behing a Sonicwall TZ170 firewall have shown he
presence of Win32/Hackdef.E and Win32/Hackdef.T. The MS tools they
have been removed.

Has anyone had any experience with that trojan in terms of detecting
payload etc? Is there a security scanner to check for that specific
vulnerability?

Thanks

Alex

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------







------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Backdoor:Win32/Hackdef.E Alex Stender (Oct 26)
- Re: Backdoor:Win32/Hackdef.E Marco Monicelli (Oct 27)
- <Possible follow-ups>
- Re: Backdoor:Win32/Hackdef.E arif . jatmoko (Oct 26)
- Re: Backdoor:Win32/Hackdef.E Marco Monicelli (Oct 27)
- RE: Backdoor:Win32/Hackdef.E Jeffrey Leggett (Oct 27)