New Variants of the Haxdoor Trojan Spread Across the Internet

PandaLabs informs that over the last few days, several variants of the Haxdoor family of Trojans have emerged. These Trojans use rootkit functions and try to steal confidential user details in order to commit online fraud and identity theft.

The new variants of Haxdoor detected by PandaLabs have several common characteristics. These characteristics include their capacity to install a rookit -a program designed to hide objects, such as processes, files, or entries-. The Haxdoor Trojans use this rootkit to hide themselves on the computer from both the user and the majority of traditional security solutions.

Similarly, all of the new variants detected are designed to steal passwords for popular Internet services, such as eBay, ICQ, Pay Pal or Web Money, and for many email clients, including Outlook Express or The Bat. A malicious user could use these details to carry out online fraud and identity theft.

These Trojans also make the necessary modifications so that the firewall installed on the computer authorizes their malicious processes. By doing this, they ensure that there are no obstacles to prevent them from sending out the stolen data.

According to Luis Corrons, director of PandaLabs, "it seems that the author or authors of these malicious codes are mass-mailing these Trojans as attachments to spam messages. For this reason, it is recommendable to delete any suspicious or unwanted email messages. These Trojans are very dangerous, above all due to their capacity to use a rootkit to hide their actions. Therefore, it is highly advisable to complement traditional antivirus solutions with proactive technologies that can detect suspicious processes based on behavioral analysis.

TruPrevent proactive detection technologies detect and block these new Trojans, so computers with these technologies have been protected from the moment they appeared.

write your comments about the article :: 2006 Computing News :: home page