Hacktool.Unknown


Risk Level 1: Very Low

July 7, 2003
May 26, 2010 3:18:12 PM
Systems Affected: Linux, Mac, Solaris, Windows
Hacktool.Unknown is a detection name used by Symantec to identify programs that may be used by hackers to attack computer systems and networks. These programs are not generally malicious in and of themselves, but their use may be harmful to the victims of the attacks.

This detection is for multiple programs, including the following types of tools:
  • Keystroke loggers
  • Password stealers
  • Password crackers
  • Spam tools
  • Port scanners
  • Vulnerability scanners
  • Flooders
  • Patchers

Programs detected as Hacktool.Unknown are designed to be executed deliberately. Although not considered to be malicious in the same sense as other malware, programs that fall into this category are usually considered to be a threat by system and network administrators as their use by malicious individuals can compromise system security. The programs may also compromise the security of home or shared machines when surreptitiously installed by a rogue user.

The programs are created for use by people with a degree of technical skill, whether network security professionals or simply amateurs. Tools such as port and vulnerability scanners that are ostensibly designed to be used by 'white-hat' or ethical individuals and professionals may also be open to abuse by 'black-hat' attackers. The term 'script kiddies' describes amateur, self-termed 'hackers' who lack the technical skills to develop exploits and perform attacks on their own and instead use tools developed by others, often with little understanding of how they work. Script kiddies are therefore likely to make use of programs that are covered by this detection.

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version October 2, 2014 revision 022
  • Latest Rapid Release version February 1, 2015 revision 020
  • Initial Daily Certified version July 7, 2003
  • Latest Daily Certified version July 7, 2003
  • Initial Weekly Certified release date July 9, 2003
Writeup By: Henry Bell
