Qakbot steals 2Gbytes of information a week, says Symantec

The Qakbot botnet is uploading 2Gbytes of stolen confidential information to its FTP servers each week

The Qakbot botnet is uploading 2Gbytes of stolen confidential information to its FTP servers each week, say security researchers from Symantec.

The researchers monitored servers related to the botnet for two weeks and found the information includes online banking credentials, credit card information, social network credentials and e-mail account details.

"In a nutshell, if your computer is compromised, every bit of information you type into your browser will be stolen," said Symantec's Patrick Fitzgerald in a blog post.

Logs on the servers analysed indicate Qakbot has infected both corporate and private computers, including 1,100 on the NHS network in the UK.

Enterprises should be particularly wary of this threat because it also functions as a downloader, said Symantec.

This leaves compromised corporate environments open to a more serious attack if appropriate action is not taken right away.

"What is clear from the data we have analysed is that people use bad habits for creating their passwords," said Fitzgerald.

These include using passwords that are easy to guess and using the same password across many different online services.

Symantec's Security Response is attempting to shut down the dump sites and command-and-control servers in order to neutralise current versions of Qakbot, he said.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.