
Hacktool.Rootkit

Risk Level 1: Very Low

Discovered: September 27, 2001
Updated: April 19, 2010 4:26:18 PM
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Hacktool.Rootkit is a detection name used by Symantec to identify malicious software programs that allow attackers to break into a system and hide the attack from the user.

Hacktool.Rootkit may include a back door that allows a remote attacker to access the compromised computer. Rootkits can be made up of a variety of programs and scripts that gain root access on a system and attempt to hide evidence of the intrusion.

There are two main types of rootkits:

User-mode rootkits:
User-mode rootkits manipulate processes, services, and applications by intercepting the system calls made by applications that the user runs.

Kernel-mode rootkits:
A kernel-mode rootkit is more sophisticated, since it takes control of the operating system itself by hooking and manipulating system calls and APIs at a lower level, below the applications it hides from.

Once installed, a rootkit may perform any of the following actions on the compromised computer:
  • Avoid Detection
  • Hide files and folders
  • Hide malicious code
  • Hide network connections
  • Hide system processes
  • Log keystrokes
  • Modify systems
  • Open a back door

If a Symantec antivirus product displays a detection alert for this threat, the computer is already protected and the Symantec product will remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version September 27, 2001
  • Latest Rapid Release version July 18, 2014 revision 020
  • Initial Daily Certified version September 27, 2001 revision 007
  • Latest Daily Certified version July 19, 2014 revision 001
  • Initial Weekly Certified release date September 27, 2001

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 3 - 9
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium
  • Payload: Hides system changes and activities and may allow for remote access.

Distribution

  • Distribution Level: Low
Writeup By: Angela Thigpen
