Symantec Set Free a New Cyber Threat Called Backdoor.Hikit

Security researchers from security firm, Symantec have disclosed the presence of an advanced persistent threat (APT) making rounds since April 2011. Backdoor.Hikit is a very furious backdoor Trojan that destroys the infected systems and files.

Usually, Backdoor.Hikit will open to permit remote attackers to link to the infected system and continue the harmful activities, such as tracing information and destructing the files and programs.

Hikit contains for main four mechanism: a dropper that negotiates with the system, a dynamic-link library (DLL) file which gives you a backdoor functionally, a kernel drive that's in charge of screening network traffic, and a client tool that's utilize to link to the backdoor.

As per the experts' view from Symantec, it all began with the unidentified dropper, which initiate a DLL backdoor onto the conciliated device. This backdoor then install the driver constituent that permits the attackers to communicate with the infected computer.

To ignore being catalogued as malevolent, the DLL component is signed by two unlike digital certificates, one of which has already expired.

Also, Hikit has even more appealing features. Distinctive of many other parts of malware, Hikit doesn't effort to contact its command and control server once it pollutes a device. As an alternative, the kernel is manufactured to wait for the attacker to start communications, thereby decreasing the threat's operational capabilities.

The internet network is situated behind a router and firewall which makes it not easy for the attacker to arrive at the internet network hosting the compromised computer and effectively the attacker is now out.

According to the Mandiant, a provider of incident response and computer forensics solutions and services headquarter in Virginia (US), analysis the coming scene is not an issue for the attackers as Backdoor.Hikit actually compromises computers positioned in the internet-facing DMZ (demilitarized zone). DMZ depicts services over the internet and characteristically has less restrictive firewall rules (such as permit HTTP/HTTPS traffic over ports 80 and 443), which will permit the attacker to communicate with the compromised computers.

As always, the users of internet are suggested to use the recent anti-virus software to assure that no threats are connected with their system, concluded by Symantec.

Related article: Symantec Reports: Microsoft’s Vulnerability genesis of New Worm

» SPAMfighter News - 9/1/2012