Welcome to the Virus Encyclopedia of Panda Security.
HatFiend.10 allows the hackers to gain remote access to other computers, in order to carry out actions that compromise user confidentiality and impede the tasks performed on the computer.
HatFiend.10 allows to perform the following actions:
- Log keystrokes.
- Control the floppy drive, the hard drives, CD-ROM drive, etc.
- Carry out several actions on the programs MSN Messenger and Yahoo Messenger, as ending the current session.
- Hide and show the Windows Taskbar and Start button.
- In Windows Me/98/95 computers, it enables and disables the shortcut keys CTRL + ALT + Del.
- Open and close the CD-ROM tray.
- Run the programs WordPad, Paint, Telnet, Calculator, etc.
- Display messages on screen.
HatFiend.10 consists of four modules : a client program, a server program, an editor program and a server test program.
HatFiend.10 follows the routine below:
- In order to perform its actions, the server program must be installed in the affected computer. The affected user runs it without noticing.
- The hacker uses the editor program to determine the fake error message displayed on screen when the affected user runs the server program. This program looks as follows:
- The hacker configures the actions to be carried out on the affected computer using the client program:
- The hacker uses the server test program to simulate the actions of the server program, in order to check the effects on the affected computer.
- HatFiend.10 goes memory resident, opens the port 1871 and waits for a remote connection.
Means of transmission
HatFiend.10 does not use any specific means to spread. It can reach computers through the normal means used by viruses: e-mail messages with infected attachments, computer networks, CD-ROMs, Internet downloads, FTP, floppy disks, etc.
HatFiend.10 is written in the programming language Visual Basic. The file that carries the Trojan is 213,129 bytes in size.