Operators of Qbot Botnet are Targeting Public Organisations in US

Various other vendors of cyber-security identified the Qbot malware as Oakbot, which was discovered first in 2009 at the time when operators began distributing it having the purpose of stealing credentials of user, making backdoors on devices that are infected and forming a world-spanning botnet.

This botnet's activity has been comparatively silent as compared to various other bigger operators of botnet, however spikes can be seen each and every time whenever new feature is updated in the malware.

The malware also called as Qakbot botnet, was first showed up in 2009, and was uploading 2GB stolen confidential information in its FTP servers every week by April 2010 from public and private sector computers, which include 1,100 on the NHS network in UK.

According to experts of BAE System, Qbot malware have got one such main update that has contributed with the latest spike of activity, particularly after 2015 December and during early 2016.

This Qbot new variant embraces a latest method known as polymorphism, which gained popularity during last year as seen by Webroot experts. Softpedia.com posted on April 13th, 2016, quoting experts of BAE Systems as saying Qbot uses a two-stage polymorphism process generating unique samples of malware for every computer infected with virus.

BAE Systems published a whitepaper, according to which the malware is a network-aware worm with backdoor capabilities mainly designed as a credential harvester and delivered by using the Rig exploit kit.

For this situation, it is Qbot malware that when downloaded on infected PC, instantly tries to increase to adjoining workstations.

To perform this, network-shared folders are used by Qbot. If these types of folders are protected with passwords, then Qbot attempts to stole credentials from Windows Credential Manager and Internet Explorer. If these strategies come up short, Qbot additionally accompanies with a common user as well as password list combos, which it utilizes to increase brute-force attacks.

Qbot contacts its C&C server from where it gets updates at regular intervals (six hours), after infecting as much victims as possible. Besides directions on what to do, these updates additionally contain new variants of malware, created through the two-stage polymorphism process, which changes structure of Qbot letting it to evade most of the antivirus software.

» SPAMfighter News - 4/21/2016