Hacker Defender Backdoor Detection

critical Nessus Plugin ID 15517


The remote host has a backdoor installed.


The remote host is running the Hacker Defender rootkit. Among other things, it hooks itself into all open TCP ports on the system, listening for a specially crafted packet, and opening a backdoor on that port when found. This backdoor can be used by malicious users to control the affected host remotely.


Reinstall Windows.

Plugin Details

Severity: Critical

ID: 15517

File Name: hacker_defender.nasl

Version: Revision: 1.18

Type: remote

Family: Backdoors

Published: 10/19/2004

Updated: 1/25/2013

Supported Sensors: Nessus

Risk Information


Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C