
System Infected: Backdoor.Miniduke 4

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Backdoor.Miniduke activity on a compromised system.

Additional Information

When the Trojan is executed, it creates the following files:

%AppData%\[FILE NAME].[EXT]
%UserProfile%\Local Settings\Temporary Internet Files\eu_advisory.pdf
%AllUsersProfile%\Application Data\Adobe\[FILE NAME].[EXT]

Note: [FILE NAME] is variable and subject to change. Example names include the following:

app
base
bot
cache
class
com
config
data
dde
index
init
mui
network
profile
prov
reg
setup
stat
svc
system
user
wmi
xml


Note: [EXT] is variable and subject to change. Example extensions include the following:

bin
cat
dat
db
idx


The Trojan creates the following file so that it runs every time Windows starts:
%UserProfile%\Start Menu\Programs\Startup\[FILE SHORTCUT].lnk
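
The file locations above can be checked on a host with a short script. The following is an added example, not Symantec's detection logic: the `scan` function and its reason labels are hypothetical names, the directory paths are used exactly as written on this page, and the name and extension sets are the example values listed above.

```python
import os
from pathlib import Path

# Example [FILE NAME] and [EXT] values copied from the lists on this page.
STEMS = set("app base bot cache class com config data dde index init mui network "
            "profile prov reg setup stat svc system user wmi xml".split())
EXTS = {"bin", "cat", "dat", "db", "idx"}

def scan(appdata, userprofile, allusers):
    """Return (reason, path) leads for the file locations this page lists."""
    appdata, userprofile, allusers = Path(appdata), Path(userprofile), Path(allusers)
    hits = []
    # [FILE NAME].[EXT] directly inside the two drop directories.
    for d in (appdata, allusers / "Application Data" / "Adobe"):
        if not d.is_dir():
            continue
        for f in sorted(d.iterdir()):
            stem, _, ext = f.name.lower().rpartition(".")
            if f.is_file() and stem in STEMS and ext in EXTS:
                hits.append(("name-pattern", f))
    # The one fixed file name on the page.
    pdf = userprofile / "Local Settings" / "Temporary Internet Files" / "eu_advisory.pdf"
    if pdf.is_file():
        hits.append(("named-file", pdf))
    # The shortcut name is variable, so every Startup .lnk is listed for review.
    startup = userprofile / "Start Menu" / "Programs" / "Startup"
    if startup.is_dir():
        hits += [("startup-lnk", f) for f in sorted(startup.iterdir())
                 if f.suffix.lower() == ".lnk"]
    return hits

if __name__ == "__main__":
    env = os.environ
    keys = ("APPDATA", "USERPROFILE", "ALLUSERSPROFILE")
    if all(k in env for k in keys):
        for reason, path in scan(*(env[k] for k in keys)):
            print(f"{reason}\t{path}")
```

The listed names are generic and the page states they are subject to change, so a match is a lead for further review and an empty result does not show a host is clean.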

Affected

  • Various Windows platforms