Re: Backdoor:Win32/Hackdef.E

From: arif.jatmoko@sea.ccamatil.com
Date: Wed Oct 26 2005 - 23:03:35 EDT

• Next message: Georgi Alexandrov: "Re: Blocking Port scans"
• Previous message: kukulkan: "Re: mac to ip address tools"
• Maybe in reply to: Alex Stender: "Backdoor:Win32/Hackdef.E"
• Next in thread: Marco Monicelli: "Re: Backdoor:Win32/Hackdef.E"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I think most AV software capable to detect this trojan / backdoor /
rootkit. If M$ removal tool has detected hackdef rootkit, you could cross
check your finding using AV software:
Kaspersky ==> Backdoor.HacDef.xxx
TrendMicro ==> BKDR_HACDEF.xx
CA ==> Win32.HacDef
Symantec ==> Backdoor.HackDefender
McAfee ==> HackerDefender
F-Secure ==> W32/HD.Rootkit.xx

Cheers,
Arif

|+---------------+---------------------------------|
|| Alex Stender| |
|| <alex.stende|         To: |
|| r@gmail.com>| pen-test@securityfocus.com |
|| |         cc:        (bcc: Arif |
|| 10/27/2005 | Jatmoko/IDN/SEA/CCA) |
|| 01:19 AM |         Subject: |
|| | Backdoor:Win32/Hackdef.E |
|| | |
|+---------------+---------------------------------|

After installing October's MS Malicious Software Removal tool, a
couple of server, one behing a Sonicwall TZ170 firewall have shown he
presence of Win32/Hackdef.E and Win32/Hackdef.T. The MS tools they
have been removed.

Has anyone had any experience with that trojan in terms of detecting
payload etc? Is there a security scanner to check for that specific
vulnerability?

Thanks

Alex

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Georgi Alexandrov: "Re: Blocking Port scans"
• Previous message: kukulkan: "Re: mac to ip address tools"
• Maybe in reply to: Alex Stender: "Backdoor:Win32/Hackdef.E"
• Next in thread: Marco Monicelli: "Re: Backdoor:Win32/Hackdef.E"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:06 EDT