Qakbot Virus Infections Rise Sharply
The Qakbot virus, which targets end-users' credentials for financial websites, appears to be growing more advanced and dangerous. After its debut in 2009, Qakbot showed a sharp rise in infections during April 2011, contaminating over 20,000 computers daily, InformationWeek reported on May 23, 2011.
Essentially, like any virus, Qakbot propagates by placing copies of itself on removable drives and network shares.
As soon as it runs on a PC, it downloads and runs more malware, captures data and transmits it to its remote controllers, and establishes a backdoor that gives them access to the system.
From this, it can be said that the perpetrators of Qakbot have been constantly trying to make the malware more successful. Symantec states that its in-field telemetry shows the virus writers are now becoming far more hostile, as well as more successful, in trying to contaminate the ordinary client.
According to Vikram Thakur, Principal Security Response Manager at Symantec, many information-stealing Trojans are circulating in the wild, but Qakbot is pretty widespread among them. As soon as it gets onto a PC, it knows its tasks quite well, and it depends on the C&C system only occasionally. Unlike earlier variants, Qakbot contains far more built-in mechanisms, Mr. Thakur explains. SCMagazine reported this on May 23, 2011.
Moreover, the virus may not be as complex and identifiable as other data-stealing programs, particularly Zeus, yet it can arguably spread more rapidly.
Essentially, Qakbot attacks owners of Internet bank accounts, deftly recording keystrokes, FTP passwords, e-mail, website activity, and digital certificates. During an attack, it immediately uses the FTP details and seeks fresh websites for code injection, after which it contaminates the computers that access those websites. It also propagates through removable drives and network shares.
Fascinatingly, the virus manages to conceal log-out links or, alternatively, divert end-users onto other channels when they try to close the ongoing session. That helps keep sessions active over an extended time. Consequently, an Internet banking session can be kept running longer, raising the attackers' chances of manipulating it and illicitly moving funds elsewhere, Symantec says, as reported by InformationWeek.
» SPAMfighter News - 01-06-2011