A recent report conducted by Proofpoint indicates large number of WordPress websites that had been compromised to perform a drive-by download of Qbot, also known as Qakbot, a malicious software program.
Proofpoint analyzed the malware and found an unprotected control panel on a server used by the gang to control the computers. The control panel yielded a wealth of information about the malware campaign, which Proofpoint said collected 800,000 credentials for online bank accounts, many of which were at five US banks and some Europe-based financial institutions.
52% of the compromised computers were running Windows XP, and most of those computers were running Internet Explorer. Qbot uses a technique called browser “hooking” to steal banking credentials.
In addition to stealing online banking credentials, the attackers also appear to be making money from the hacked computers in other ways. The Qbot malware also has a module called “SocksFabric” for a tunneling network. That network can be rented to other cybercriminals who can use the hacked computers as proxies to shuffle their own data around or mask their activity.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.