1. /
  2. Security Response/
  3. Hacktool

Hacktool

Risk Level 1: Very Low

Discovered:
August 17, 2001
Updated:
April 22, 2010 2:39:43 AM
Type:
Trojan
Systems Affected:
Linux, Mac OS X, Solaris, Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
Hacktool is a detection name used by Symantec to identify programs that may be used by hackers to attack computer systems and networks. These programs are not generally malicious in and of themselves, but their use may be harmful to the victims of the attacks.

This detection is for multiple programs, including the following types of tools:
  • Keystroke loggers
  • Password stealers
  • Password crackers
  • Spam tools
  • Port scanners
  • Vulnerability scanners
  • Flooders
  • Patchers

Programs detected as Hacktool are designed to be executed deliberately. Although not considered to be malicious in the same sense as other malware, programs that fall into this category are usually considered to be a threat by system and network administrators as their use by malicious individuals can compromise system security. The programs may also compromise the security of home or shared machines when surreptitiously installed by a rogue user.

The programs are created for use by people with a degree of technical skill, be they network security professionals or simply amateurs. Tools such as port and vulnerability scanners that are ostensibly designed to be used by 'white-hat' or ethical individuals and professionals may also be open to abuse by 'black-hat' attackers. The term 'script kiddies' also exists to describe amateur self-termed 'hackers' who lack the technical skills of their own to develop exploits and perform attacks but instead use tools developed by others, often with little understanding of how they work. Script kiddies such as these therefore are likely to make use of programs that are covered by the Hacktool detection.

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version August 17, 2001
  • Latest Rapid Release version June 25, 2014 revision 006
  • Initial Daily Certified version August 17, 2001 revision 003
  • Latest Daily Certified version June 25, 2014 revision 032
  • Initial Weekly Certified release date August 22, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Low
Writeup By: Henry Bell

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver