Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Haxdoor.KI - Rootkit attack spreading in Europe

F-Secure has escalated this new variant of Haxdoor to MEDIUM RISK as it represents about 60% of their reported infections.

http://www.f-secure.com/weblog/archives/archive-082006.html
http://www.f-secure.com/weblog/archives/europe.jpg
http://www.f-secure.com/v-descs/haxdoor_ki.shtml

Haxdoor.KI - On the 17th of August 2006 we received numerous reports of a new Haxdoor backdoor variant being spammed as an e-mail attachment to a large number of people. The backdoor was spammed inside an archive named rakningen.zip. The backdoor's file, located inside the archive, is named rakningen.exe. (Swedish) We also have a report that it was spammed inside an archive named rechnung.zip as rechnung.exe. (German)

Haxdoor is a powerful backdoor with rootkit and spying capabilities. It can hide its presence, processes and files on an infected system. So when it is active, it can only be detected by anti-virus programs that use kernel drivers and by rootkit detectors such as our F-Secure BlackLight. It can also be detected by F-Secure products that have a built-in anti-rootkit engine such as our F-Secure Internet Security 2006.
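The delivery pattern described above (a ZIP attachment holding an executable with the same base name) can be checked at a mail gateway before the file reaches a user. The following is an added example, not code from F-Secure or from this blog; it goes beyond the two reported names by flagging any ZIP with an executable member, and the extension list, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Archive names reported on this page for the Haxdoor.KI spam run.
REPORTED_ARCHIVES = {"rakningen.zip", "rechnung.zip"}
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com"}


def check_attachment(filename, data):
    """Return a list of reasons this ZIP attachment looks suspicious."""
    reasons = []
    name = PurePosixPath(filename.replace("\\", "/")).name.lower()
    if name in REPORTED_ARCHIVES:
        reasons.append("archive name reported for Haxdoor.KI")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        reasons.append("not a readable ZIP archive")
        return reasons
    stem = PurePosixPath(name).stem
    for member in members:
        p = PurePosixPath(member.replace("\\", "/").lower())
        if p.suffix in EXECUTABLE_EXTS:
            reasons.append(f"executable member: {member}")
            if p.stem == stem:
                reasons.append(f"member shares archive name: {member}")
    return reasons


def make_zip(members):
    """Build a constructed in-memory ZIP for the demo (harmless payloads)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, payload in members.items():
            zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed samples, not real malware
        "rakningen.zip": make_zip({"rakningen.exe": b"constructed placeholder"}),
        "Invoice.zip": make_zip({"Invoice.EXE": b"constructed placeholder"}),
        "report.zip": make_zip({"report.txt": b"constructed placeholder"}),
    }
    for fname, blob in samples.items():
        print(fname, "->", check_attachment(fname, blob) or "clean")
```

A file-name check like this only covers the delivery stage; once the backdoor is active, detection depends on the kernel-level and anti-rootkit scanning described above.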