Free Wireshark Training Course Online

Take a free Wireshark Jumpstart training class online at http://www.chappellseminars.com/.

Thursday, March 27, 2008

The "HackTool Virus" is Re-Released

Ah... it must be March. The frantic and outwardly snickering emails are flooding in - "did you know..." The excited caller exclaims, "Your Laura's Lab Kit has a virus on it! Really! I just put it in my drive and my virus detection software came up with a warning about the HackTool Virus! Another virus detection package says the DVD has a Hacker Tool virus as well. One of the applications, Cain and Abel, is infected!"




Note: The new Laura's Lab Kit v9 ISO image can be downloaded from:
http://www.novell.com/connectionmagazine/laurachappell.html

Ok, ok... before you get your iPod cables in a bunch, one vendor blew it by calling this the HackTool virus when they should have simply said you've got a hacker tool there, bubba. Let's quickly look at a description of the "Hacker Tool" designation from one of the VD (virus detection) vendors:

F-Secure's Description of "HackerTool"

Hacker Tool (generic description)
Hacker Tool is usually a standalone file. In many cases such tools are used by hackers to perform certain actions on a compromised computer, for example to crack passwords or to scan for vulnerable computers. It should be noted that such tools are sometimes used by system administrators.


Our corporate customers prefer hacker tools to be detected by F-Secure Anti-Virus. If a system administrator still wants to use a hacker tool, he can exclude the tool's file from scanning. For ordinary users running such tools should be prohibited.

Here's the scoop... the HackTool or Hacker Tools designation does indicate that there is a potentially unwanted program on your computer or on connected media. You do want to know about that, don't you? The Laura's Lab Kit always contains some programs that could potentially be nasty if used in the wrong hands -- Cain and Abel always makes VDs spew forth complaints. Even sweet little Wireshark can cause VDs to scream bloody murder.



Don't get me wrong, you probably do want to know when there's a HackTool issue on your system - a message that your system is infected with the HackTool.rootkit virus should make your skin crawl. But before you freak out about Laura's Lab Kit, check out which tools are associated with the HackTools warning - they may become your favorite secuirty research tools and replace your lost hours on World of Warcraft with the thrill of idle scanning or redirecting traffic usinig ICMP (instead of plain old ARP).



Oh... and one more thing... The fact that we release Laura's Lab Kit on the ides of March is purely coincidence! Now get back to work!

Laura