The Qbot worm, also sometimes known as Qakbot, is not a new threat. First seen as far back as 2009, the malware continues to spread because online criminals have taken its original source code and continued to adapt it to evade detection.
Qbot is typically spread via compromised websites hosting the Rig exploit kit. When a user visits the hacked site on a vulnerable computer, a malicious obfuscated script is silently executed to serve up the exploit and install the malware onto Windows PCs.
Furthermore, the malware is capable of detecting whether it is running inside a virtual machine sandbox and changing its behavior in an attempt to avoid being spotted.
Qbot is primarily designed to harvest passwords and other credentials. It attempts to grab passwords from Windows’ Credential Store, potentially revealing network logins and passwords used for Outlook, Windows Live Messenger, Remote Desktop and Gmail Messenger.
Also, Qbot attempts to access Internet Explorer’s password manager, stealing cached username and password credentials. With these details – and further credentials stolen from network traffic – Qbot’s attackers can break into FTP servers and infect other websites with exploit kits to spread their malware.
Furthermore, because of its backdoor capabilities, Qbot opens a potential route for hackers to steal sensitive data or intellectual property, disrupt infrastructure, or plant more sophisticated malware inside an organization.