
BKDR_PLUGX.AQT

Posted: April 26, 2013

Threat Metric

Ranking: 14,725
Threat Level: 2/10
Infected PCs: 10,354
First Seen: April 26, 2013
Last Seen: September 4, 2023
OS(es) Affected: Windows

BKDR_PLUGX.AQT is a member of the PlugX family of backdoor Trojans, a group of Trojans related to e-mail-based PoisonIvy attack campaigns in Asia. Along with some traditional backdoor features that allow criminals to compromise your computer easily, BKDR_PLUGX.AQT is structured in such a way as to force legitimate McAfee software to load BKDR_PLUGX.AQT automatically, a malicious DLL-loading tactic that is a hallmark of the PlugX family. Because BKDR_PLUGX.AQT is well-disguised as a component of a legitimate program, SpywareRemove.com malware experts suggest using anti-malware products to detect BKDR_PLUGX.AQT, which is likely to be accompanied by other PC threats. Naturally, deleting BKDR_PLUGX.AQT can proceed after its detection, and you should do it as quickly as possible.

BKDR_PLUGX.AQT: Plugging into Your PC's Legit Software to Hide

BKDR_PLUGX.AQT is just one of many variants of PlugX backdoor Trojans, with other members including Troj/Plugx-G, BKDR_PLUGX.BUT, BKDR_PLUGX.SME, BKDR_PLUGX.DMI and BKDR_PLUGX.AI. Like the other recent variants of PlugX, BKDR_PLUGX.AQT is designed to be loaded as a malicious DLL component for a completely unrelated and benign application. Previous applications abused in this manner include Microsoft help files and Lenovo-brand software, but BKDR_PLUGX.AQT prefers to disguise itself as part of a McAfee-brand anti-malware product. BKDR_PLUGX.AQT's file name imitates the structure of the McAfee program that loads BKDR_PLUGX.AQT, making it seem like BKDR_PLUGX.AQT is an entirely benevolent component of that program – at least, to casual inspection.

BKDR_PLUGX.AQT then loads a second malicious component that is also detected as BKDR_PLUGX.AQT and is mislabeled as a URL, presumably to throw off anti-malware programs. This allows BKDR_PLUGX.AQT to contact its C&C server, from which BKDR_PLUGX.AQT may:

  • Download other forms of malicious software, in particular the Poison Ivy RAT.
  • Upload any information that's stolen from your computer, such as passwords or system details.
  • Receive further instructions on how to alter your PC with respect to its security and privacy settings.

This backdoor connection is, SpywareRemove.com malware researchers warn, entirely contained within the McAfee program's memory process, which can hinder any attempted detection by both manual and automated methods.

Unplugging BKDR_PLUGX.AQT from Your Application

BKDR_PLUGX.AQT does include some fairly well-developed defenses against being detected, but its main purpose appears to be to install more specialized PC threats than itself, such as the Poison Ivy RAT. BKDR_PLUGX.AQT attacks, like all PlugX attacks, are initiated mainly via e-mail spam messages that include Trojan droppers for BKDR_PLUGX.AQT as file attachments. SpywareRemove.com malware experts recommend scanning unusual e-mail downloads on a habitual basis, which should allow you to detect and delete Trojans related to BKDR_PLUGX.AQT attacks before your PC can be compromised.

Appropriate anti-malware applications should be able to remove BKDR_PLUGX.AQT and any other PC threats associated with BKDR_PLUGX.AQT. However, in light of the DLL-loading strategies used by the PlugX family, SpywareRemove.com malware researchers warn victims to avoid trying to remove BKDR_PLUGX.AQT while the program that loads BKDR_PLUGX.AQT's DLL file is open.

BKDR_PLUGX.AQT and other members of the PlugX family are of particular concern to Asia, with nations such as China, Taiwan and Japan under concerted attack from this family.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

Mc.exe
  File name: Mc.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file

McUtil.dll
  File name: McUtil.dll
  File type: Dynamic link library
  Mime Type: unknown/dll
  Group: Malware file

McUtil.dll.url
  File name: McUtil.dll.url
  Mime Type: unknown/url
  Group: Malware file
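As an added example (not code from this page or from any vendor's tool), the following Python script applies a defender-side heuristic to the file grouping listed above: a host executable, a DLL whose name extends the executable's base name, and a ".url" companion that is not a genuine Windows Internet Shortcut (a real one is INI text beginning with "[InternetShortcut]"). The directory it scans is constructed from placeholder bytes; the file names follow the Technical Details, while the McHelp.dll control pair is an assumption added to show a non-hit.

```python
from pathlib import Path
import tempfile
SHORTCUT_HEADER = b"[InternetShortcut]"

def looks_like_pe(path: Path) -> bool:
    """True if the file begins with the 'MZ' stub every Windows PE image carries."""
    return path.read_bytes()[:2] == b"MZ"

def looks_like_url_shortcut(path: Path) -> bool:
    """A genuine Windows .url file is INI text opening with [InternetShortcut]."""
    head = path.read_bytes()[:64].lstrip(b"\xef\xbb\xbf").lstrip()
    return head.startswith(SHORTCUT_HEADER)

def find_sideload_triads(directory: Path) -> list:
    """Flag EXE / DLL / DLL.url groupings whose '.url' is not a real shortcut.

    Heuristic only: for each .exe, look for a DLL in the same folder whose name
    extends the EXE's base name (Mc.exe -> McUtil.dll) plus a '<dll>.url'
    companion that is not an [InternetShortcut] file. A hit is a lead for
    analysis, not proof of infection.
    """
    files = list(directory.iterdir())
    exes = [p for p in files if p.suffix.lower() == ".exe"]
    dlls = [p for p in files if p.suffix.lower() == ".dll"]
    findings = []
    for exe in exes:
        for dll in dlls:
            if not dll.stem.lower().startswith(exe.stem.lower()):
                continue
            companion = dll.with_name(dll.name + ".url")
            if not companion.is_file() or looks_like_url_shortcut(companion):
                continue
            reasons = ["'.url' companion is not an [InternetShortcut] file"]
            if looks_like_pe(companion):
                reasons.append("'.url' companion carries an MZ header")
            findings.append({"exe": exe.name, "dll": dll.name,
                             "url": companion.name, "reasons": reasons})
    return findings

def demo() -> dict:
    """Build a constructed stand-in for the page's file set (placeholder bytes) and scan it."""
    root = Path(tempfile.mkdtemp())
    (root / "Mc.exe").write_bytes(b"MZ" + b"\x00" * 62)        # host EXE stand-in
    (root / "McUtil.dll").write_bytes(b"MZ" + b"\x00" * 62)    # side-loaded DLL stand-in
    (root / "McUtil.dll.url").write_bytes(b"\x1b\x9c\x00CONSTRUCTED-BLOB")  # payload mislabeled as URL
    (root / "McHelp.dll").write_bytes(b"MZ" + b"\x00" * 62)    # assumed control: DLL with a real shortcut
    (root / "McHelp.dll.url").write_bytes(b"[InternetShortcut]\r\nURL=https://example.com/\r\n")
    return {"findings": find_sideload_triads(root),
            "control_recognized": looks_like_url_shortcut(root / "McHelp.dll.url")}
```

Run `find_sideload_triads(Path(r"C:\path\to\suspect\folder"))` against a real directory to get the same dictionaries for any matching grouping there.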

Additional Information

The following URLs were detected:
publicconfirm.com