MALWARE-BACKDOOR -- Snort has detected suspicious communication traffic unrelated to commands, such as exfiltration of data from the infected machine, especially larger chunks of data.
MALWARE-BACKDOOR QAZ Worm Client Login access
QAZ is a Trojan horse.
Impact: Possible theft of data and control of the targeted machine, leading to a compromise of all resources the machine is connected to.
Details: This Trojan affects the following operating systems: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP. No other systems are affected. This is a Windows executable that makes changes to the system registry. The Trojan changes system startup files and registry settings to add the QAZ server to the programs normally started on boot.
Ease of Attack: This is Trojan activity; the target machine may already be compromised. Updated virus definition files are essential in detecting this Trojan.
No information provided
No public information
No known false positives
Original Rule Writer Max Vision <vision@whitehats.com> Cisco Talos Nigel Houghton
No rule groups
None
No information provided
None