Qakbot is eliminated by the FBI's Duck Hunt operation, sparing 7 lakh computers globally
Since its creation in 2008, Qakbot has been utilised in a number of cyberattacks and ransomware assaults.
The renowned Qakbot botnet was effectively taken down, and 7,00,000 PCs throughout the world had the malware uninstalled, according to the Federal Bureau of Investigation, the US government's domestic intelligence and security agency.
According to a news statement issued by the FBI, the operation, known as "Duck Hunt," included France, Germany, the Netherlands, Latvia, Romania, the United Kingdom, and the United States. Between payment for ransomware made between October 2021 and April 2023, the botnet received over $58 million.
According to a 'application for seizure warrant' from the US Department of Justice, the law enforcement organisation essentially gained control of Qakbot admin machines, allowing them to map the infrastructure of the botnet.
The agency claimed that after seizing control of the botnet, it redirected the botnet's network traffic to a server on American soil, where it instructed infected devices to download a unique tool in the form of a customised Windows DLL that eliminated the malware and stopped it from spreading to other computers.
How does Qakbot operate and what is it?
Since its creation in 2008, the Qakbot virus has been utilised in numerous ransomware campaigns and online crimes all around the world. Spam emails with malicious links and attachments, such as Word or Excel documents with macros, OneNote files, or Windows shortcuts, are frequently used to spread it.
Opening these files triggers Qakbot, which subsequently installs other malware, including some ransomware, onto the compromised computer. When deployed, Qakbot checks the victim's email to see if any phishing attacks are coming up.
Additionally, the system instantly joins the botnet, a network of infected devices that may be remotely controlled by their users. It does this by inserting itself into the memory of a legal Windows process, which allows it to avoid being discovered by security tools.
