The Federal Bureau of Investigation, the US government’s domestic intelligence and security agency, announced it successfully dismantled the notorious Qakbot botnet and removed the malware from 700,000 machines worldwide.
According to an FBI press release, the action was part of a multinational operation dubbed ‘Duck Hunt’ involving France, Germany, the Netherlands, Latvia, Romania, the United Kingdom and the United States. Between October 2021 and April 2023, the botnet’s operators collected approximately $58 million in ransomware payments.
An ‘application for seizure warrant’ filed by the United States Department of Justice says the law enforcement agency effectively took control of Qakbot administrator computers, which enabled it to map the botnet’s infrastructure.
After taking over the botnet, the agency said, it redirected the botnet’s network communications to its own server in the United States, from which it instructed infected devices to download a removal tool in the form of a custom Windows DLL that uninstalled the malware and prevented it from spreading to other machines.
The Qakbot malware was created in 2008 and has been used in several ransomware attacks and cybercrimes around the world. It is often distributed via spam emails that contain malicious links and attachments in the form of Word or Excel documents with macros, OneNote files or Windows shortcuts.
Opening these files activates Qakbot, which then downloads additional malware onto the infected machine, including ransomware. Once installed, Qakbot also harvests the victim’s email for use in future phishing campaigns.
The computer also becomes part of the botnet, a network of infected machines that its operators can control remotely. Qakbot evades detection by security software by injecting itself into the memory of a legitimate Windows process.
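A defender-side view of the chain the article describes (a macro document opens a scripting host, which starts a signed Windows binary with a DLL from a user-writable folder, which then injects into a legitimate process), as an added example that is not part of the article and is not FBI or Qakbot code: the log lines are constructed Sysmon-style records, and the attachment extensions, process names and path fragments are assumptions chosen for this demonstration rather than indicators from the operation.

```python
"""Triage helpers for the Qakbot-style delivery chain and in-memory injection.
Added example, not the article's or the FBI's code.  SAMPLE_LOG is constructed
Sysmon-style telemetry, not real data; the extension set, process names and
path fragments below are assumptions for the demo."""
import re
from pathlib import PureWindowsPath

# Attachment types the article names as lures: Word/Excel documents with
# macros, OneNote files and Windows shortcuts (assumed extension set).
LURE_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".one", ".lnk"}

# Office hosts that rarely have a legitimate reason to spawn these children.
OFFICE_APPS = {"winword.exe", "excel.exe", "onenote.exe"}
SCRIPT_OR_LOLBIN = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe",
                    "rundll32.exe", "regsvr32.exe", "mshta.exe", "curl.exe"}
# Signed Windows binaries commonly used to load a downloaded DLL.
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}
# Fragments of directories any user can write to (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")

# key=value tokens; values may be double-quoted so they can contain spaces.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn one key=value log line into a dict of string fields."""
    return {key: quoted or bare for key, quoted, bare in _KV.findall(line)}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def is_user_writable(path):
    return any(fragment in path.lower() for fragment in USER_WRITABLE)


def check_attachment(filename):
    """True if a mail attachment is one of the lure types the article lists."""
    return PureWindowsPath(filename).suffix.lower() in LURE_EXTENSIONS


def check_process_create(ev):
    """Sysmon EventID 1: an Office app spawning a script host or LOLBin, or a
    DLL host started with a payload from a user-writable directory."""
    parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
    if parent in OFFICE_APPS and child in SCRIPT_OR_LOLBIN:
        return f"office-spawn: {parent} -> {child}"
    if child in DLL_HOSTS and is_user_writable(ev.get("CommandLine", "")):
        return f"dll-from-user-dir: {ev['CommandLine']}"
    return None


def check_remote_thread(ev):
    """Sysmon EventID 8 (CreateRemoteThread): a DLL host, or a binary living in
    a user-writable directory, starting a thread inside another process; this
    is the injection into a legitimate Windows process the article mentions."""
    source = ev["SourceImage"]
    if basename(source) in DLL_HOSTS or is_user_writable(source):
        return f"injection: {basename(source)} -> {basename(ev['TargetImage'])}"
    return None


def triage(lines):
    """Return the list of findings for a sequence of key=value log lines."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") == "1":
            hit = check_process_create(ev)
        elif ev.get("EventID") == "8":
            hit = check_remote_thread(ev)
        else:
            hit = None
        if hit:
            findings.append(hit)
    return findings


# Constructed sample telemetry: one infection chain followed by benign noise.
SAMPLE_LOG = [
    'EventID=1 ParentImage="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" '
    'Image="C:\\Windows\\System32\\wscript.exe" '
    'CommandLine="wscript.exe C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.js"',
    'EventID=1 ParentImage="C:\\Windows\\System32\\wscript.exe" '
    'Image="C:\\Windows\\System32\\rundll32.exe" '
    'CommandLine="rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\upd.dll,DllRegisterServer"',
    'EventID=8 SourceImage="C:\\Windows\\System32\\rundll32.exe" '
    'TargetImage="C:\\Windows\\explorer.exe"',
    'EventID=1 ParentImage="C:\\Windows\\explorer.exe" '
    'Image="C:\\Windows\\System32\\notepad.exe" CommandLine="notepad.exe notes.txt"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print("attachment flagged:", check_attachment("Invoice_2023.docm"))
```

Each of the three rules maps to one stage of the chain: the lure document spawning a script host, a signed DLL host being handed a payload from a user-writable path, and that host starting a thread in a legitimate process. Any one of them fires on some legitimate software too, so in practice they are correlated by host and time window rather than alerted on individually; on real telemetry, tune `USER_WRITABLE` and `SCRIPT_OR_LOLBIN` to the environment.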