Qakbot steals 2Gbytes of information a week, says Symantec

News

Qakbot steals 2Gbytes of information a week, says Symantec

Warwick Ashford

The Qakbot botnet is uploading 2Gbytes of stolen confidential information to its FTP servers each week, say security researchers from Symantec.

The researchers monitored servers related to the botnet for two weeks and found the information includes online banking credentials, credit card information, social network credentials and e-mail account details.

"In a nutshell, if your computer is compromised, every bit of information you type into your browser will be stolen," said Symantec's Patrick Fitzgerald in a blog post.

Logs on the servers analysed indicate Qakbot has infected both corporate and private computers, including 1,100 on the NHS network in the UK.

Enterprises should be particularly wary of this threat because it also functions as a downloader, said Symantec.

This leaves compromised corporate environments open to a more serious attack if appropriate action is not taken right away.

"What is clear from the data we have analysed is that people use bad habits for creating their passwords," said Fitzgerald.

These include using passwords that are easy to guess and using the same password across many different online services.

Symantec's Security Response is attempting to shut down the dump sites and command-and-control servers in order to neutralise current versions of Qakbot, he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy