Qakbot Malware Taking Down Enterprise Networks

By   ISBuzz Team
Writer , Information Security Buzz | May 26, 2017 05:35 am PST

A new evolving malware known as Qakbot is hitting that will lock companies out of their networks and infecting associated systems as well according to Cylance researchers. Michael Patterson, CEO at Plixer commented below.

Michael Patterson, CEO at Plixer:

“Malware continues to evolve as there is no shortage of vulnerabilities to exploit. Qakbot’s dynamic polymorphic abilities make it particularly evasive to antivirus systems. This means the virus can more easily maintain it’s presence without being detected. It does however need to communicate on the network in order to carry out its dastardly deeds. In the case of Qakbot, it uses HTTPS to communicate with command-and-control (C&C) and FTP to upload stolen data.  Network Traffic Analytics can be leveraged against flow data to watch for this one-two punch combination especially where odd FQDNs patterns are detected.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x