Examples of such tools include:
- Port scanners.
- Network sniffers and spoofers.
- Computer vulnerability scanners and exploiters. These can be used over networks or the Internet.
- Password stealers, which save the stolen passwords locally (that is, they do not send them out).
- Mail spammers that attack one victim by flooding the mailbox with mail.
- News group flooders that flood Usenet newgroups with messages.
These programs are in themselves, nonviral and generally do not cause harm to the attacker who deploys them. However, deployment of these utilities is usually harmful to the victims of the attacks, and they are usually considered a threat by network administrators.
NOTE: As these are tools that are used to create threats, rather than threats themselves, they do not have their own spreading mechanism. If you find one of these tools on your computer or network, in most cases it is there because someone download it or copied it there.
Symantec Security Response suggests that if your Symantec antivirus product detects Hacktool.Flooder (or variations such as Hacktool.Spammer or Hacktool) that you just delete it. If you see a message that it cannot be deleted, it may be running in memory. In this case, restart the computer in Safe mode, run a full system scan, and delete the threat when it is detected. All Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions on how to do this, read the document How to start the computer in Safe Mode
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":