Penetration Testing mailing list archives
Re: Backdoor:Win32/Hackdef.E
From: Marco Monicelli <marco.monicelli () marcegaglia com>
Date: Thu, 27 Oct 2005 14:11:21 +0200
Actually it's exactly like I said (quote from my previous email):

> but it's now too famous around so AV should be now updated to recognize it or at least a standard version

(End of quote.)

The file you download from the website is the standard one. If you just had a look at the video clip found on the link I gave, you could have seen an example of how to make it undetectable. And there are other different ways of achieving that goal.

Cheers
Yog-Sotho

> This is what I do with Hacker Defender in Active Directory:
> 1) download Hacker Defender from the link on Rootkit.com
> 2) use Software Restriction to get a hash and put a policy
> 3) the tools KHS, FHS, IceSword, rkdetector can find the presence
> 4) McAfee can also find and remove the rootkit
>
> In a message dated 10/27/2005 2:41:35 AM Central Daylight Time, marco.monicelli () marcegaglia com writes:
>
>> Dear Alex,
>> that is not really a simple trojan.... it's a Windows rootkit and its name is Hackdefender. You can gather much useful information about it on www.rootkits.com. It's a smart rootkit which uses a technique based on changing words inside the rootkit's files in order to fool AV. And I must admit it does the job pretty well, but it's now too famous around so AV should be now updated to recognize it, or at least a standard version (it can be customized to become undetected). For your fun and knowledge, here's a link to an AVI file which shows you how it beats the AV defences.
>> http://rapidshare.de/files/6816080/hxdef_defeating_modern_detectors.rar.html
>>
>> Cheers
>> Yog-Sotho
>>
>>> After installing October's MS Malicious Software Removal Tool, a couple of servers, one behind a SonicWall TZ170 firewall, have shown the presence of Win32/Hackdef.E and Win32/Hackdef.T. With the MS tool they have been removed.