1. Symantec/
  2. Security Response/
  3. Hacktool


Risk Level 1: Very Low

August 17, 2001
April 22, 2010 2:39:43 AM
Systems Affected:
Linux, Mac, Solaris, Windows
Hacktool is a detection name used by Symantec to identify programs that may be used by hackers to attack computer systems and networks. These programs are not generally malicious in and of themselves, but their use may be harmful to the victims of the attacks.

This detection is for multiple programs, including the following types of tools:
  • Keystroke loggers
  • Password stealers
  • Password crackers
  • Spam tools
  • Port scanners
  • Vulnerability scanners
  • Flooders
  • Patchers

Programs detected as Hacktool are designed to be executed deliberately. Although not considered to be malicious in the same sense as other malware, programs that fall into this category are usually considered to be a threat by system and network administrators as their use by malicious individuals can compromise system security. The programs may also compromise the security of home or shared machines when surreptitiously installed by a rogue user.

The programs are created for use by people with a degree of technical skill, be they network security professionals or simply amateurs. Tools such as port and vulnerability scanners that are ostensibly designed to be used by 'white-hat' or ethical individuals and professionals may also be open to abuse by 'black-hat' attackers. The term 'script kiddies' also exists to describe amateur self-termed 'hackers' who lack the technical skills of their own to develop exploits and perform attacks but instead use tools developed by others, often with little understanding of how they work. Script kiddies such as these therefore are likely to make use of programs that are covered by the Hacktool detection.

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version August 17, 2001
  • Latest Rapid Release version January 23, 2018 revision 017
  • Initial Daily Certified version August 17, 2001 revision 003
  • Latest Daily Certified version January 23, 2018 revision 020
  • Initial Weekly Certified release date August 22, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Henry Bell

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube