
System Infected: Backdoor.Qadars Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the network activity generated by Backdoor.Qadars.

Additional Information

When the Trojan is executed, it creates the following files:

%User Profile%\Application Data\Microsoft\AddIns\mudemqk.exe
%Windir%\Tasks\[32 RANDOM HEXADECIMAL CHARACTERS].job
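
The two file artifacts above can be checked for on a mounted volume or a triage copy of one. This is an added example, not Symantec's code; the function name `scan`, the indicator labels and the directory layout it expects (profiles under `Users` or `Documents and Settings`, `%Windir%` at the volume root) are assumptions.

```python
import os
import re
import sys

# Indicators from the signature description, written as patterns over
# volume-relative paths (lower-cased, forward slashes).
# Assumptions: %Windir% is a top-level directory of the volume, and user
# profiles live under "Users" or "Documents and Settings".
# "Application Data" is a junction to AppData\Roaming on Windows Vista and
# later, so both spellings of the profile path are accepted.
INDICATORS = {
    "qadars_dropped_exe": re.compile(
        r"^(users|documents and settings)/[^/]+/"
        r"(application data|appdata/roaming)/microsoft/addins/mudemqk\.exe$"),
    "qadars_task_job": re.compile(r"^[^/]+/tasks/[0-9a-f]{32}\.job$"),
}


def scan(root):
    """Return sorted (indicator, relative_path) pairs found under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            # Windows file names are case-insensitive, so match lower-cased.
            key = rel.lower()
            for label, pattern in INDICATORS.items():
                if pattern.match(key):
                    hits.append((label, rel))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python scan_qadars.py /mnt/evidence   (path is hypothetical)
    found = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for label, path in found:
        print(f"{label}\t{path}")
    sys.exit(1 if found else 0)
```

A legitimately named scheduled task such as `GoogleUpdateTask.job` does not match; only `.job` names made of exactly 32 hexadecimal characters are reported.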

The Trojan then opens a back door on the compromised computer, allowing an attacker to perform the following actions:

  • Gather information from the computer, including data on the installed operating system, hardware and software
  • Perform man-in-the-browser attacks
  • Steal certificates and credentials
  • Manipulate cookies
  • Download files
  • Update the Trojan
  • Restart the computer
  • Uninstall the Trojan

The Trojan may also try to trick the user into installing malware on their mobile device.

Affected

  • Windows