Trojan/Backdoor Detection - QAZ Worm

Critical Nessus Network Monitor Plugin ID 6223


The remote host has been compromised and is running a 'Backdoor' program


The remote host seems to be running a trojan or 'backdoor' program - QAZ Worm remote access. This is typically an indicator that the machine has been compromised and is now being remotely controlled


As the system appears to be compromised, you should both inspect and manually clean the remote system.

Plugin Details

Severity: Critical

ID: 6223

File Name: 6223.prm

Family: Backdoors

Published: 2012/01/06

Modified: 2016/01/15

Risk Information

Risk Factor: Critical