Behavior
Hacktool.DFind is a utility used to scan for vulnerabilities on remote computers.
Symptoms
Your Symantec program detects Hacktool.DFind.
Transmission
This utility can be installed manually or by a back door.
Technical details
File names: Varies
Hacktool.DFind allows an attacker to probe a range of IP addresses to determine whether a host whose address is in that range is vulnerable to specific exploits or is running certain legitimate services.
When Hacktool.DFind is run, it performs the following actions:
1. Scans for the following vulnerabilities and services:
o Open TCP and UDP ports
o HP Web JetAdmin
o PSOProxy Server
o HP Web Server
o Microsoft FrontPage
o Hacktool.Radmin
o RealServer
o Apache servers
o IIS servers
o Windows Media Service
o IPC$ shares without password protection
o Weak write permissions in Microsoft IIS web server
o Backdoor.OptixPro.10 and variants
o Dictionary attacks on SQL Servers
o NULL/NTAuth/Passworded connections on Hacktool.Radmin
o The CCBill webserver module
o The phpBB webserver module
o The PHP-Nuke webserver module
o WebDAV enabled on IIS 5.0 webservers
o The Microsoft Windows IIS Index Server ISAPI System-level Remote Access Buffer Overflow (Microsoft MS01-033)
o The Microsoft SQL Server MDAC buffer overflow (Microsoft MS02-040)
Removal instructions
See:
http://securityresponse.symantec.com/avcenter/venc/data/hacktool.dfind.html