7/9: HacDef-F a New Backdoor Trojan

July 9, 2004

Troj/HacDef-F is a backdoor Trojan that targets Windows NT/2000/XP operating systems. As well as allowing unauthorized remote access to the victim's computer, this Trojan is able to hide information about the victim's system, including files, folders, processes, services and registry entries.

When started, the Trojan copies itself to the Windows directory as svchost.exe, creates and loads a driver (hxdefdrv.sys), and sets the following registry entries so that it starts automatically on system boot or user logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Network Service = C:\\svhost.exe

Troj/HacDef-F intercepts various system services and attempts to terminate various security or monitoring processes. The Trojan also modifies the current internet start page and internet SearchAssistant.
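The Run entry and the svchost.exe copy described above can be checked for in captured `reg query` output. The following is an added example, not code from the advisory: the function names, the trusted-directory list (a default install path is assumed) and the sample lines are constructed for illustration. Because the Trojan hides registry entries, the input should come from an offline copy of the hive rather than a live query on the suspect host.

```python
import ntpath
import re

# Image names from the advisory: the dropped copy and the name in the Run value.
SUSPECT_IMAGES = {"svchost.exe", "svhost.exe"}
# Assumed default locations of the genuine svchost.exe.
TRUSTED_DIRS = {r"c:\windows\system32", r"%systemroot%\system32", r"%windir%\system32"}

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample: the advisory's value plus two made-up entries.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Network Service    REG_SZ    C:\\svhost.exe
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
    Updater    REG_SZ    C:\WINDOWS\svchost.exe -k
"""

def image_path(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]

def audit_run_key(reg_query_output):
    """Return (value name, image path, reason) for each suspicious Run value."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        # Collapse doubled backslashes (not UNC-aware) before splitting the path.
        path = re.sub(r"\\+", r"\\", image_path(m["data"]))
        folder, image = ntpath.split(path.lower())
        if image not in SUSPECT_IMAGES:
            continue
        if image == "svhost.exe":
            reason = "lookalike of svchost.exe"
        elif folder.rstrip("\\") not in TRUSTED_DIRS:
            reason = "svchost.exe outside System32"
        else:
            reason = "svchost.exe started from a Run key"
        findings.append((m["name"], path, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_run_key(SAMPLE):
        print(finding)
```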
