Thursday, 9 October 2014

Botnet of 500,000 computers - Qakbot Malware

The Attack Chain

Researchers have identified a botnet of 500,000 computers discovered that 52% of machinery exists that run on Windows XP. A comparatively very high percentage, since it no longer supported by Microsoft operating system worldwide share of between 14% and 24%.

The computers have been infected with qbot via known vulnerabilities in Adobe Flash Player, Java, Adobe Reader and Internet Explorer, also known as Qakbot. On infected computers qbot steals all kinds of data for Internet banking. Researchers from Proofpoint found that the login data of 800,000 accounts online banking were intercepted. In 59% of these cases involved one of the five largest American banks.

Further figures ( PDF ) show that the malware on the American Internet has provided, since 75% of the infected computers over an American IP address available. especially In addition to steal login details infected machines are also offered for other cybercriminals. Paid as proxy These criminals can the infected computers as a springboard for other attacks use or for storage or transportation of stolen data.

Following are the steps How It works:

1. Infecting Legitimate Websites

Infecting Legitimate Websites

2. Filtering Targets- Traffic Distribution Systems.

Filtering Targets- Traffic Distribution Systems

3. Getting Into The User's Machines -Exploits

Getting Into The User's Machines -Exploits

4. Stealing User Banking Credentials - Malware

Stealing User Banking Credentials - Malware

No comments:

Post a Comment