Haxdoor spammed in Europe

izi · Aug 17, 2006

Haxdoor.KI - On the 17th of August 2006 we received numerous reports of a new Haxdoor backdoor variant being spammed as an e-mail attachment to a large amount of people. The backdoor was spammed inside an archive named rakningen.zip. The backdoor's file, located inside the archive, is named rakningen.exe. (Swedish) We also have a report that it was spammed inside an archive named rechnung.zip as rechnung.exe. (German)

Haxdoor is a powerful backdoor with rootkit and spying capabilities. It can hide its presence, processes and files, on an infected system. So when it is active, it can only be detected by anti-virus programs that use kernel drivers
Click to expand...

http://www.f-secure.com/v-descs/haxdoor_ki.shtml

Suggers · Aug 17, 2006

So when it is active, it can only be detected by anti-virus programs that use kernel drivers
Click to expand...

Anyone know which AV's use Kernel drivers? Am I right in thinking that KAV 5 and KAV 6 do? Which others do?

Cheers
Suggers

Tommy · Aug 17, 2006

Suggers said:

Anyone know which AV's use Kernel drivers? Am I right in thinking that KAV 5 and KAV 6 do? Which others do?
Click to expand...

I think NOD32 does it.

Suggers · Aug 17, 2006

Tommy said:

I think NOD32 does it.
Click to expand...

Good, that's me covered then.

Cheers
Suggers

izi · Aug 19, 2006

Suggers said:

Good, that's me covered then.

Cheers
Suggers
Click to expand...

If rootkit hide its presence, processes and files, on an infected system NOD32 will not found this active rootkit. You can find this rookit with this tool: http://www.f-secure.com/blacklight

Tommy · Aug 19, 2006

izi said:

If rootkit hide its presence, processes and files, on an infected system NOD32 will not found this active rootkit. You can find this rookit with this tool: http://www.f-secure.com/blacklight
Click to expand...

Does Sysinternal Rootkit Revealer find it?

izi · Aug 19, 2006

Tommy said:

Does Sysinternal Rootkit Revealer find it?
Click to expand...

I don't know.

Tommy · Aug 19, 2006

izi said:

I don't know.
Click to expand...

Well i surly won't install Mr. Haxdoor just to find out if Sysinternal Tool catches it or not

Suggers · Aug 19, 2006

izi said:

If rootkit hide its presence, processes and files, on an infected system NOD32 will not found this active rootkit. You can find this rookit with this tool: http://www.f-secure.com/blacklight
Click to expand...

I have rootkitrevealer and blacklight scanners; just incase anything slips past nod32 and BOClean in realtime.
I think using these four progs would stop nearly every nasty that could try and get through.

Suggers

Log in or Sign up

Haxdoor spammed in Europe

izi Registered Member

Suggers Guest

Tommy Registered Member

Suggers Guest

izi Registered Member

Tommy Registered Member

izi Registered Member

Tommy Registered Member

Suggers Guest

Log in or Sign up

Haxdoor spammed in Europe

izi Registered Member

Suggers Guest

Tommy Registered Member

Suggers Guest

izi Registered Member

Tommy Registered Member

izi Registered Member

Tommy Registered Member

Suggers Guest

Useful Searches