Hacker Defender Backdoor Detection

critical Nessus Plugin ID 15517

Synopsis

The remote host has a backdoor installed.

Description

The remote host is running the Hacker Defender rootkit. Among other things, it hooks itself into all open TCP ports on the system, listening for a specially crafted packet, and opening a backdoor on that port when found. This backdoor can be used by malicious users to control the affected host remotely.

Solution

Reinstall Windows.

Plugin Details

Severity: Critical

ID: 15517

File Name: hacker_defender.nasl

Version: Revision: 1.18

Type: remote

Family: Backdoors

Published: 10/19/2004

Updated: 1/25/2013

Supported Sensors: Nessus