Malware like Qbot, also known as Qakbot, is categorised as a worm. The reason for this is the malware has the capability to spread and infect on its own at a very fast pace. This means if an organisation has failed to detect the initial compromise, the malware will continue to spread via network shares and removable drives, providing the operator or cyber criminal with a very large source of compromised endpoints.

The cyber criminal can then choose a variety of options, including theft of potential sensitive data, as well as facilitating a backdoor into the compromised organisation, giving the attacker an opportunity to steal credentials, deliver more sophisticated malware or in general cause disruption within the infrastructure.