System Infected: Backdoor.Adwind Communication

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects potential jRAT communication with its controlling server.

Additional Information

This remote admin tool is installed on a client machine and serves as an administration console that manages incoming connections from the servers, in order to gain full access to the compromised system. The servers are compiled on the client machine using this tool and are deployed to remote hosts. Once the server is installed on the remote host, it makes a connection back to the client machine, resulting in remote access to the system.

Affected

  • Multiple

Response

You may wish to perform some of the following actions as a precautionary measure.
  • Run the Norton Power Eraser. (home users)
  • Run the Symantec Power Eraser. (business users)
  • Update your product definitions and perform a full system scan.
  • Submit suspicious files to Symantec for analysis.

If you believe that the signature is reported erroneously, please read the following:
Report a potential false positive to Symantec.