Several Haxdoor Variants Impose Harmful Behavior
Several variants of the Haxdoor group of trojans have appeared over the last few days, PandaLabs reports. These trojans typically use rootkit technology to steal personal user data and carry out online fraud and identity theft.
The Haxdoor variants that PandaLabs has identified have many common characteristics. These include their ability to install a rootkit program to hide processes, files, or entries.
The Haxdoor rootkit runs in kernel mode, although most of its attacks take place in user mode: it injects its attacks from the kernel into user mode, which is rather unusual. The trojans use the rootkit to conceal themselves on the PC from the user and from most conventional security software.
If the system has a firewall, the Haxdoor malware modifies it after compromising the computer so that it can run its own malicious processes. The modifications remove the obstacles the PC would otherwise put in the way of data theft and transmission.
According to Luis Corrons, director of PandaLabs, the authors of this malicious code seem to be mass-mailing the trojans as attachments to spam messages. The security firm therefore recommends deleting all suspicious or irrelevant messages. These trojans have serious implications, especially because they can hide their actions by using rootkit technology. The firm also suggests complementing traditional anti-virus solutions with proactive technologies that detect threats on the basis of behavioral analysis.
» SPAMfighter News - 23-10-2006