New Haxdoor variant spreading – do we have protection?
New variant of spying Trojan Haxdoor has been reported since Tuesday 10th Oct. It has e.g. the following names:
I’m not saying this list is fully coverage, F-Secure, Kaspersky, NOD32 etc. detect previous versions at least. UPDATE 16th Oct: CA sees this as Win32/Haxdoor.BQ.
As we know, very well, it uses rootkit technics to hide the existence of Trojan, files and processes.
A very interesting question is: How can vendors without working rootkit detection detect these variants using improved rootkit technics?
Antirootkit.com has some statistics about malware that use rootkit technology.