Qakbot Trojan Propagating Like a Worm, Infecting as a Trojan
According to the RSA Online Fraud Report published on 25 October, 2010, Qakbot a unique kind of malware is penetrating into global financial institutions and prominent banks. Qakbot is a different kind of malware that possesses the ability to propagate like a worm and infect as a Trojan.
This Qakbot malware is trying to breakthrough corporate and business accounts. Qakbot is named after its main executable file, _qakbot.dll.
The RSA FraudAction Research Lab has unveiled some of the exclusive features of Qakbot that were never seen before in any of the other monetary crimeware. The Qakbot malware prefers to target shared networks so that it can copy its executable files into the shared directories. This way it can distribute and infect every machine on that particular network.
A recent research on Qakbot reveals the fact that its hit list mainly includes large US-based financial institutions, with a few Non-US institutions. The aim of Qakbot is to draw out huge sums of money.
RSA researchers stated that, though the worm was not absolutely innovate and new, it was unique and quite effective, as reported by CRN on Oct. 25, 2010.
Conclusively, security experts highlighted the fact that Qakbot is an organization dynamo. Up till now, it most popular victim was the National Health Service (NHS), the UK's publically funded healthcare system. It infected around over 1,100 machines and while there was no proof that the patients' information was hacked, credentials worth 4 GB, were observed being directed through NHS monitored servers, from popular websites like, Facebook, Twitter, Hotmail, Gmail, and Yahoo.
Related article: Qakbot Virus Infections Rise Sharply
» SPAMfighter News - 30-10-2010