Several Haxdoor Variants Impose Harmful Behavior

Several variants of the Haxdoor group of trojans have appeared over the last few days, PandaLabs reports. These trojans typically use 'rootkit' technology to steal personal user data and conduct online fraud and identity theft.

The Haxdoor variants that PandaLabs has identified have many characteristics in common. These include the ability to install a rootkit program to hide processes, files, or entries.

The Haxdoor rootkit runs in kernel mode, although most of its attacks take place in user mode: it injects its attacks from the kernel into user mode. This is rather unusual. The trojans use the rootkit to conceal themselves on the PC from the user and from most conventional security software.
All the Haxdoor variants aim to steal passwords to gain entry into popular Internet services like eBay, ICQ, PayPal and WebMoney, as well as many e-mail clients, including 'Outlook Express' and 'The Bat'. Haxdoor has infected over 2,300 people by installing a backdoor, keylogger and rootkit on their computers in order to extract private details unnoticed.

If the system has a firewall, the Haxdoor malware modifies it after compromising the computer so that it can run its own malicious processes. The modifications help remove the obstacles that the PC has in place to prevent data theft and transmission.
PandaLabs has found several cases where attackers developed a Trojan variant and hosted it on malicious websites, then sent out links to these websites through spam e-mail. Most anti-virus software cannot detect these new variants in the initial stages of their release, so the Trojan on the infected PC is often able to disable the anti-virus program and escape detection throughout.

According to Luis Corrons, director of PandaLabs, the writers of this malicious code seem to be mass-mailing the trojans as attachments to spam messages. The security firm therefore recommends deleting all suspicious or irrelevant messages. These trojans have serious implications, especially because they are capable of hiding their actions by using rootkit technology. The firm also suggests supplementing traditional anti-virus solutions with proactive technologies that detect threats on the basis of behavioral analysis.

» SPAMfighter News - 23-10-2006

 
