Hacktool.Unknown is a detection name used by Symantec to identify programs that may be used by hackers to attack computer systems and networks. These programs are not generally malicious in and of themselves, but their use may be harmful to the victims of the attacks.
This detection is for multiple programs, including the following types of tools:
- Keystroke loggers
- Password stealers
- Password crackers
- Spam tools
- Port scanners
- Vulnerability scanners
Programs detected as Hacktool.Unknown are designed to be executed deliberately. Although not considered to be malicious in the same sense as other malware, programs that fall into this category are usually considered to be a threat by system and network administrators as their use by malicious individuals can compromise system security. The programs may also compromise the security of home or shared machines when surreptitiously installed by a rogue user.
The programs are created for use by people with a degree of technical skill, be they network security professionals or simply amateurs. Tools such as port and vulnerability scanners that are ostensibly designed to be used by 'white-hat' or ethical individuals and professionals may also be open to abuse by 'black-hat' attackers. The term 'script kiddies' also exists to describe amateur self-termed 'hackers' who lack the technical skills of their own to develop exploits and perform attacks but instead use tools developed by others, often with little understanding of how they work. Script kiddies such as these therefore are likely to make use of programs that are covered by this detection.
If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.