Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Several Haxdoor Variants Impose Harmful Behavior

Several variants of the Haxdoor group of trojans have arisen over the last few days, informs PandaLabs. These trojans typically use 'rootkit' technology to steal personal user data and conduct online fraud and identity theft.

The Haxdoor variants that PandaLabs has identified have many common characteristics. These include their ability to install a rootkit program to hide processes, files, or entries.

Haxdoor rootkit is of kernel-mode although most of its attacks are in user-mode. Actually, it injects its attacks from kernel to user-mode. This is rather unique and quaint. The trojans use rootkit to conceal themselves on the PC from user and most of the conventional security software.
All the Haxdoor variants aim to steal passwords to gain entry into popular Internet services like eBay, ICQ, PayPal and WebMoney as well as many e-mail clients, including 'Outlook Express' and 'The Bat'. Haxdoor has infected over 2,300 people by installing a backdoor, keylogger and rootkit on their computers with the purpose to dig out private details, unnoticed.

If a system has firewalls in it, the Haxdoor malware makes changes to it after compromising the computer so that it can execute its own malicious processes. The modifications help to remove all hurdles that a PC has to prevent data theft and transmission.
PandaLabs has found several cases where attackers have developed a Trojan variant and hosted on corrupt websites. They, then, send out links to these websites through spam mails. Most anti-virus software cannot detect these new variants in their initial stages of release. So the Trojan on the infected PC is able to often disable the anti-virus program and escapes detection throughout.

According to Luis Corrons, director of PandaLabs, the writers of these malicious codes seem to be mass mailing the trojans in attachments to spam messages. The security firm, therefore, recommends deleting all suspicious or irrelevant messages. These trojans have serious implications especially because they are capable to hide their actions by using a rootkit technology. The firm also suggests adding proactive technologies that processes detection on the basis of behavioral analysis to traditional anti-virus solutions.

Related article: Several Security Threats Will Surge In 2007

» SPAMfighter News - 10/23/2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page