The Web    Google
7/9: HacDef-F a New Backdoor Trojan

7/9: HacDef-F a New Backdoor Trojan
July 9, 2004

Troj/HacDef-F is a backdoor Trojan that is targeted at NT/2000/XP operating systems. As well as allowing unauthorized remote access to the victim's computer, this Trojan is able to hide information about the victim's system including files, folders, processes, services and registry entries.

When started the Trojan will copy itself to the Windows directory as svchost.exe, create and load a driver (hxdefdrv.sys) and set the following registry entries so as to auto start on system boot or user logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Network Service = C:\\svhost.exe

Troj/HacDef-F intercepts various system services and attempts to terminate various security or monitoring processes. The Trojan also modifies the current internet start page and internet SearchAssistant.

  • Application Insecurity --- Who is at Fault?
  • Senate Panel Approves Anti-Spyware Bill
  • 3/16: Trojan.Alpiok Modifies Hosts File
  • XP SP2 Deadline Extended
  • Netsky-D Ranked as High Risk
  • Critical Flaws Spoil Opera Tune
  • AntiOnline Spotlight: Trojan Force
  • 11/23: BackDoor-CLK Trojan Copies Itself
  • Meta Group Slams Wireless LAN Suppliers on Security
  • Understanding and Preventing DDoS Attacks
  • 4/15: Sdbot-XC Worm Targets Passwords
  • Security Camera News