Microsoft Adds 'Win32/Qakbot' Backdoor to MSRT December Release

Microsoft has added the "Win32/Qakbot" family of backdoors to its MSRT detections. "Qakbot is composed of several components, including a keylogger, a password stealer and a user-mode rootkit. It's commonly distributed as the payload of what appear to be attacks, mainly targeted at enterprise installations. And, it starts as a highly obfuscated JavaScript that downloads and runs an installer and user-mode rootkit. At this point, Qakbot is hidden from the user while it downloads the rest of the Qakbot package."

"Qakbot next gathers information and steals anything that it can find. This includes login and password, banking information, user keystrokes and info about the local infection. All of the gathered info is then encrypted into a custom log file, and uploaded to a remote server via FTP," explains the MSRT team.

In addition to all of these capabilities, the Qakbot family also has the ability to update itself to make sure that it's running a recent version of the malware.
