Hacker Defender Backdoor Detection

Critical Nessus Plugin ID 15517


The remote host has a backdoor installed.


The remote host is running the Hacker Defender rootkit. Among other things, it hooks itself into all open TCP ports on the system, listening for a specially crafted packet, and opening a backdoor on that port when found. This backdoor can be used by malicious users to control the affected host remotely.


Reinstall Windows.

Plugin Details

Severity: Critical

ID: 15517

File Name: hacker_defender.nasl

Version: $Revision: 1.18 $

Type: remote

Family: Backdoors

Published: 2004/10/19

Modified: 2013/01/25

Dependencies: 11936

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C