August 27, 2012

Hijacking Servers Remotely

Hijacking Servers Remotely with Hikit advanced persistent threat

Security researchers have revealed the existence of an advanced persistent threat that has been making the rounds since April 2011. Backdoor.Hikit is a dangerous backdoor Trojan that will damage infected systems and files. Usually, Backdoor.Hikit will open a backdoor that allows remote attackers to connect to the infected system and carry out harmful activities, such as stealing information or destroying files and programs.

It is really stubborn: antivirus products often fail to delete it for good, because it runs secretly and automatically when Windows boots, without your knowledge or consent, and can disguise itself as fake system files or processes. Besides, many other threats, such as adware, redirect viruses and Trojan variants such as Trojan Horse Generic 27.PN, BackDoor.Hupigon5.CJMY, Trojan.Zeroaccess.C, Trojan:win64/Sirefef.E and so on, are also a real threat to system and data security.

According to experts from security firm Symantec, it all starts with an unknown dropper, which installs a DLL backdoor onto the compromised device. This backdoor then installs the driver component that allows the attacker to communicate with the infected computer.

Unlike many other pieces of malware, Hikit doesn’t attempt to contact its command and control server once it infects a device. Instead, the kernel driver is designed to wait for the attacker to initiate communications, significantly reducing the threat’s operational capabilities.

Backdoor.Hikit is composed of four components:

* Unknown dropper that compromises a system and installs a malicious dynamic-link library (DLL) file
* DLL that implements back door functionality and installs a kernel driver
* Kernel driver that monitors network traffic for connections from an attacker
* Client tool that attackers use to connect to the back door

It is very possible that your saved online accounts and passwords and your personal and financial information will be exposed and transferred to remote hackers, which will lead to identity theft. To secure your computer and keep it away from any threats, you must get rid of Backdoor.Hikit without any hesitation.

Symantec is continuing to investigate this threat and will provide more information when available.