New Haxdoor variant spreading – do we have protection?

New variant of spying Trojan Haxdoor has been reported since Tuesday 10th Oct. It has e.g. the following names:

Backdoor.Haxdoor.R (Symantec)

BKDR_HAXDOR.AU (Trend)

Haxdoor-DG (Sophos)

and

BackDoor-BAC!55436 (McAfee)

I’m not saying this list is fully coverage, F-Secure, Kaspersky, NOD32 etc. detect previous versions at least. UPDATE 16th Oct: CA sees this as Win32/Haxdoor.BQ.
As we know, very well, it uses rootkit technics to hide the existence of Trojan, files and processes.

A very interesting question is: How can vendors without working rootkit detection detect these variants using improved rootkit technics?

Antirootkit.com has some statistics about malware that use rootkit technology.

Share