
Hacktool.Shanluprober

Updated: February 13, 2007 11:39:39 AM
Type: Hack Tool
Version: 2.6.8
Publisher: Shanlu
Risk Impact: High
File Names: WINNTAutoAttack.exe, CmdService.exe
Systems Affected: Microsoft IIS, Windows

Hacktool.Shanluprober is a hacktool with a Chinese (Simplified) GUI.


When the hack tool is executed, the following occurs:

  1. Creates the following files:
    • CmdService
    • R_Server.exe (this is detected as Remacc.Radmin)
    • AdmDll.dll
    • raddrv.dll

      When the hack tool is closed, these files are deleted.

  2. The hack tool performs the following:
    • Lets the user specify the range of IP addresses to probe.
    • Lets the user select a vulnerability or a combination of vulnerabilities to search for.
    • Displays on the interface the type of vulnerability of each IP address.
    • May let the user modify the command that is sent.

  3. The hack tool searches for vulnerabilities in the following:
    • Microsoft Internet Information Services (IIS)
    • Microsoft SQL server
    • NetBIOS (weak password)

The hack tool can also be used to determine if security is being compromised while using the following applications:
    • Microsoft Internet Information Services (IIS)
    • Microsoft SQL server
    • NetBIOS (weak password)

A sample image is shown here.



