Threat Report on 'Qakbot' by Microsoft Malware Protection Center

Microsoft Malware Protection Center today released a new "threat report on Qakbot" as a follow-up to the recently-released SIRv10.

"Qakbot is a backdoor that includes user-mode rootkit functionality to hide itself and also steal sensitive user data from infected machines. […] We've long suspected that the Qakbot authors were taking code samples from the Internet and incorporating them into their malware as the family evolved. Recently, while reviewing some of the earliest samples of Qakbot, we found something interesting: NtIllusion debug strings," said the MMPC.

"NtIllusion is a rootkit that was first disclosed in an article within the underground security zine called Phrack in July of 2004. It includes functionality to hide processes, files, registry entries, and evidence of TCP/IP communication. It hooks several network communication APIs in order to steal POP3 and FTP passwords. This code still appears in Qakbot today," said the MMPC.

You can read more about Qakbot in the threat report by downloading it here.

[Source: MMPC]

About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and software.