Help - Search - Members - Calendar
Full Version: Haxdoor.ki Being Spammed
BleepingComputer.com > Security > Breaking Virus & Security News
   
quietman7
Aug 17 2006, 09:17 AM
QUOTE
There's a spam run of a new HaxDoor variant - HaxDoor.KI - now detected as Backdoor.Win32.Haxdoor.ki.

We have reports of it being spammed in both Swedish and German language messages...
f-secure.com
quietman7
Aug 18 2006, 10:55 AM
More on Haxdoor.KI
QUOTE
...most of the reports we continue to receive from Europe are about this one malware...
quietman7
Aug 26 2006, 08:01 PM
Last Updated: 2006-08-26 17:24:47 UTC
QUOTE
F-Secure has updated their description of Haxdoor.KI to note "The skyinet.info website (located in Russia) that the backdoor connects to, is now offering a URL that points to a file named samki.exe. This file contains a nasty payload that damages Windows beyond repair. This file can be downloaded and launched by a hacker to destroy all infected computers when time comes."

http://isc.sans.org/diary.php?storyid=1642
http://www.f-secure.com/v-descs/haxdoor_ki.shtml
quietman7
Sep 29 2006, 04:01 PM
Update
QUOTE
Haxdoor* rootkit-equipped backdoors are widely used - in the "Rechnungen" and "Räkningen" spam runs in Germany and Sweden for example. These changing Haxdoor variants are generated with a toolkit known as "A-311 Death"...
http://www.f-secure.com/weblog/archives/ar...6.html#00000982
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.