Posted on Saturday March 02, 2019

itwbennett writes: Security researchers at Varonis have uncovered a new attack using a new version of the venerable Qbot malware that "creates scheduled tasks and adds entries to the system registry to achieve persistence," writes Lucian Constantin, reporting on the attack for CSO. "The malware then starts recording all keystrokes typed by users, steals credentials and authentication cookies saved inside browsers, and injects malicious code into other processes to search for and steal financial-related text strings." The researchers "found logs showing 2,726 unique victim IP addresses," writes Constantin, but because "computers inside an organization typically access the internet through a shared IP address, the researchers believe the number of individually infected systems to be much larger." The malware first appeared in 2009 and was found to be uploading 2GB of stolen confidential information to its FTP servers each week by April 2010 from private and public sector computers, including 1,100 on the NHS network in the UK. A modified version of the malware resurfaced in April 2016 that was believed to have infected more than 54,000 PCs in thousands of organizations around the world. As Varonis now reports, Qbot is making yet another comeback.

Celebrating 35+ Years

Off-Site Cloud Backups

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016