Banks in Danger as Qakbot Reappears

Security researchers have raised warning against a unique type of malware, named the Qakbot Trojan that targets banks, as reported by EWS on November 9, 2010. Although Qakbot was first discovered in 2007 by the security firm Symantec, it is still very harmful and can damage the computer.

Though the Qakbot Trojan, named after its executable file- Qakbot.dll is not new, its features and attacking techniques set it apart from all other well known Trojans. Unlike other kinds of Trojans, it circulates like a worm but infects machine as a Trojan; indicating that users should be very careful now.

Qakbot acts in a very unique manner. After a user visits any website, this Trojan arranges the information or data in one of the following files: Seclog (HTP/S Post requests), System Information (IP, DNS server), or Protected Storage (usernames, passwords, and browsing history). In majority of the instances, this data is utilized for further attacks.

Commenting on the whole issue, Rivner, Head of New Technologies, Consumer Identity Protection at RSA, The Security Division of EMC stated that, neither it was available as a kit on the Internet nor it was put up for online sale. Rather it was probable that some professional gang created it, with focus on their own particular techniques. Besides, they customized Trojan to a particular segment i.e. large financial and commercial organizations and customers, as reported by BANK infosecurity on November 8, 2010.

As per Rivner, Qakbot is capable of blocking the IP addresses of the researchers, who attempt to explore more about this Trojan. Hence, cybercriminals had taken care of the likely threats directed towards Qakbot, as reported by EWS on November 9, 2010.

Remarkably, RSA's researchers have discovered a series of exclusive traits that makes this Trojan different from all other well known Trojans. For instance: Qakbot is the first and only Trojan that can infect multiple computers simultaneously, while also compromising information like a normal banker Trojan. Besides, Qakbot is the first Trojan that can differentiate targeted credentials from other compromised information from the client side, instead of a drop zone.

Conclusively, security experts stated that, there is no secure zone on the web world; as technologies would advance, dangers would also increase. Hence, users should take care of their PC and safeguard it from all risks.

Related article: Bank Issues Spam Alerts

» SPAMfighter News - 11/17/2010