Hacktool.Unknown

Risk Level 1: Very Low

Discovered: July 7, 2003
Updated: May 26, 2010 3:18:12 PM
Type: Trojan
Systems Affected: Linux, Mac OS X, Solaris, Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Hacktool.Unknown is a detection name used by Symantec to identify programs that may be used by hackers to attack computer systems and networks. These programs are not generally malicious in and of themselves, but their use may be harmful to the victims of the attacks.

This detection is for multiple programs, including the following types of tools:
  • Keystroke loggers
  • Password stealers
  • Password crackers
  • Spam tools
  • Port scanners
  • Vulnerability scanners
  • Flooders
  • Patchers

Programs detected as Hacktool.Unknown are designed to be executed deliberately. Although not considered to be malicious in the same sense as other malware, programs that fall into this category are usually considered to be a threat by system and network administrators as their use by malicious individuals can compromise system security. The programs may also compromise the security of home or shared machines when surreptitiously installed by a rogue user.

The programs are created for use by people with a degree of technical skill, be they network security professionals or simply amateurs. Tools such as port and vulnerability scanners that are ostensibly designed for use by 'white-hat' or ethical individuals and professionals may also be open to abuse by 'black-hat' attackers. The term 'script kiddies' describes amateur, self-styled 'hackers' who lack the technical skills to develop exploits and perform attacks on their own and instead use tools developed by others, often with little understanding of how they work. Script kiddies are therefore likely to make use of programs covered by this detection.

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version October 2, 2014 revision 022
  • Latest Rapid Release version February 1, 2015 revision 020
  • Initial Daily Certified version July 7, 2003
  • Latest Daily Certified version July 7, 2003
  • Initial Weekly Certified release date July 9, 2003
Writeup By: Henry Bell
