Backdoor.Hale is a package of programs that provide backdoor access to an infected computer. This threat includes a Backdoor Trojan detected as Backdoor.Padmin, an FTP server, and various system utilities.
The existence of a C:\Winnt\System32\Qossrv folder is an indication of a possible infection. Some variants use C:\Winnt\System32\Dhcp instead, but this folder may be present on uninfected computers.
There have been reports that this threat is distributed by exploiting the DCOM RPC vulnerability, described in Microsoft Security Bulletin MS03-026
. University domains have been heavily targeted.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.