QakBot Malware causes a large number of Active Directory domains to be locked – Penetration Testing

According to foreign media reports on June 4, IBM security experts recently found that the Active Directory domains of hundreds of thousands of bank customers were locked after being attacked by the QakBot virus.

QakBot is a network worm that self-replicates primarily through shared drives or mobile devices. The malware mainly targets corporate bank accounts to steal user funds and private data, such as digital certificates, cached credentials, HTTP(S) session authentication data, cookies, authentication tokens, and FTP and POP3 login credentials. Recently, QakBot was found carrying out attacks against US government agencies and banks, including the US National Treasury, corporate banking and commercial banks.

The investigation showed that, in addition to using a special detection mechanism to evade sandboxes, QakBot uses a dropper to execute explorer.exe and automatically inject the QakBot dynamic link library (DLL) into that process. It then destroys its original file and propagates the malware.

Security experts say the banking malware QakBot can also use specific commands from its C&C server to keep itself up to date in order to spread across the target network. In addition, QakBot can use a "Man-in-the-Browser" (MitB) attack to inject malicious code into an online banking session, fetching the script from a controlled domain name.

The post QakBot Malware causes a large number of Active Directory domains to be locked appeared first on Penetration Testing. http://ift.tt/2sFQEfB http://ift.tt/2aM8QhC
