11 October 2006

 

Haxdoor Trojan Affects Thousands in the UK

UK users have their personal data to worry about.
It was just revealed that thousands of users in the UK have had data stolen from their computers by the Haxdoor Trojan. It was recently sent out across Europe in spam emails as an attachment, some of which were named rakningen.zip or rechnung.zip.
The Metropolitan Police have been trying to contact people who may be affected by this by sending out email messages to them, but most of these messages have been ignored.
The Haxdoor Trojan is a backdoor and rootkit that has spying capabilities as well. It is able to hide itself and its processes, therefore making it difficult to detect without anti-virus tools that use kernel drivers or rootkit detectors. When running, it hides itself, but it also hides either the Winlogon.exe process or the Explorer.exe process. This can be very helpful in detecting whether your computer is infected. Of course, removing it is another issue. The Trojan also blocks access to the sites of many anti-virus vendors.
Haxdoor steals IMAP passwords, server names and usernames along with Inetcomm server passwords, Outlook passwords, POP passwords, POP server and user names, protected storage passwords, The Bat! passwords and Windows registration information. It can also steal some passwords that are stored in memory. This information will be posted on a server at the website of skynet.info.
Not only does it steal your information, but it also listens on TCP port 16661 for commands that can allow the hacker to download files from your computer or upload them to your computer, view file contents, find files, run files, send emails, show a message box, gain full access to the Windows Registry, enable or disable keyloggers, copy to and from the clipboard, move the location of the cursor, disable or enable the keyboard, change file attributes including its location, kill processes, disable drives, change the time, swap mouse buttons, take screenshots of a desktop, play media files, send messages to applications, start services, play a system beep, log off or shut down Windows, open or close the CD-ROM tray, uninstall the Trojan, and open other ports.
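The two signs described above (a Winlogon.exe or Explorer.exe process missing from the process list, and a listener on TCP port 16661) can be checked together. The script below is an added example, not part of the original post: it parses saved `tasklist` and `netstat -an` output, and the sample text, function names and finding wording are all constructed for illustration.

```python
import re

HAXDOOR_PORT = 16661                         # TCP port named in the post
EXPECTED = {"winlogon.exe", "explorer.exe"}  # the post says one of these gets hidden

# Constructed sample output (assumption: not captured from a real machine).
SAMPLE_TASKLIST = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
csrss.exe                    604 Console                 0      3,912 K
services.exe                 672 Console                 0      3,404 K
explorer.exe                1580 Console                 0     18,224 K
"""
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:16661          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.1:80         ESTABLISHED
"""

def visible_processes(tasklist_text):
    """Lower-cased image names from `tasklist` output (header rows have no PID)."""
    names = set()
    for line in tasklist_text.splitlines():
        m = re.match(r"^(.+?)\s+(\d+)\s+\S", line)
        if m:
            names.add(m.group(1).strip().lower())
    return names

def listening_ports(netstat_text):
    """TCP ports in LISTENING state from `netstat -an` output (IPv4 or IPv6)."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def triage(tasklist_text, netstat_text):
    """Return a list of findings matching the indicators described in the post."""
    missing = sorted(EXPECTED - visible_processes(tasklist_text))
    findings = [f"{name} not in process list (possibly hidden)" for name in missing]
    if HAXDOOR_PORT in listening_ports(netstat_text):
        findings.append(f"listener on TCP {HAXDOOR_PORT}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_TASKLIST, SAMPLE_NETSTAT):
        print("SUSPICIOUS:", finding)
```

An empty result does not clear a machine: a rootkit can filter what these tools report, and Explorer.exe is legitimately absent when no desktop shell is running.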
To make matters worse, a Haxdoor toolkit is being sold for $2000 on the black market by a Russian hacker called "Corpse". It allows anyone to create their own variant of the Trojan, making it even more difficult to stop.
