1. /
  2. Security Response/
  3. Hacktool.Shanluprober

Hacktool.Shanluprober

Updated:
February 13, 2007 11:39:39 AM
Type:
Hack Tool
Version:
2.6.8
Publisher:
Shanlu
Risk Impact:
High
File Names:
WINNTAutoAttack.exe,CmdService.exe
Systems Affected:
Microsoft IIS, Windows 2000, Windows NT, Windows Server 2003, Windows XP

Behavior


Hacktool.Shanluprober is a hack tool with a Chinese Graphic User Interface (GUI). It enables the user to probe the servers of specified IP addresses to determine server vulnerability to attacks. The hacktool can also be used as a security-leveraging tool.

Symptoms


When "Kaishi" (Start) button is pressed, it sends a variety of TCP packets to the specified IP addresses. Once the task is completed, it displays the IP addresses and their accompanying vulnerability. While the hack tool is running, the current directory has several .exe files and .dll files that disappear when the tool is closed.

Transmission


Downloading manually from the Web.

Antivirus Protection Dates

  • Initial Rapid Release version October 2, 2014 revision 022
  • Latest Rapid Release version February 1, 2015 revision 020
  • Initial Daily Certified version October 14, 2004
  • Latest Daily Certified version January 26, 2015 revision 023
  • Initial Weekly Certified release date October 20, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver