Qakbot Trojan Propagating Like a Worm, Infecting as a Trojan

According to the RSA Online Fraud Report published on 25 October, 2010, Qakbot a unique kind of malware is penetrating into global financial institutions and prominent banks. Qakbot is a different kind of malware that possesses the ability to propagate like a worm and infect as a Trojan.

This Qakbot malware is trying to breakthrough corporate and business accounts. Qakbot is named after its main executable file, _qakbot.dll.

The RSA FraudAction Research Lab has unveiled some of the exclusive features of Qakbot that were never seen before in any of the other monetary crimeware. The Qakbot malware prefers to target shared networks so that it can copy its executable files into the shared directories. This way it can distribute and infect every machine on that particular network.

Qakbot possesses the ability to infect multiple computers simultaneously, while compromising banking credentials similar to any other type of banking Trojans. Moreover, according to the experts, it is the only Trojan that has almost exclusively targeted the U.S. banks.

A recent research on Qakbot reveals the fact that its hit list mainly includes large US-based financial institutions, with a few Non-US institutions. The aim of Qakbot is to draw out huge sums of money.

On the other hand, the researchers are still finding out the technique through which malware obtains money from the corporate bank accounts. So far, there have been no indications of the JavaScript or HTML code injections or Web Trojan attacks like Man-in-the-Browser that are normally used to avoid the two-factor verification processes, which normally guard these high-asset accounts.

RSA researchers stated that, though the worm was not absolutely innovate and new, it was unique and quite effective, as reported by CRN on Oct. 25, 2010.

Conclusively, security experts highlighted the fact that Qakbot is an organization dynamo. Up till now, it most popular victim was the National Health Service (NHS), the UK's publically funded healthcare system. It infected around over 1,100 machines and while there was no proof that the patients' information was hacked, credentials worth 4 GB, were observed being directed through NHS monitored servers, from popular websites like, Facebook, Twitter, Hotmail, Gmail, and Yahoo.

Related article: Qakbot Virus Infections Rise Sharply

» SPAMfighter News - 10/30/2010