How the FBI nuked Qakbot malware from infected Windows PCs
Security News, August 2023
The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized infrastructure but also uninstalled the malware from infected devices.
Before we learn how the FBI uninstalled Qakbot from computers, it is essential to understand how the malware was distributed, what malicious behavior it performed, and who utilized it.
As part of today's announcement, the FBI states that it dismantled the botnet in two steps: seizing the operators' server infrastructure, and then using that access to push a purpose-built removal tool that uninstalled the Qakbot malware from infected devices.
Based on SecureWorks' analysis of the FBI module, the removal tool is a custom DLL that issues the QPCMD_BOT_SHUTDOWN command to the Qakbot malware running on the infected host, which causes the bot process to terminate. Note that this only stops the Qakbot process itself; it does not undo anything an affiliate may already have deployed through Qakbot's initial access, so a host that was ever infected still warrants a full compromise assessment.
No notification is shown on the infected device when the malware is removed, so the user of a cleaned machine will not know it was ever part of the botnet. The practical way to find out is to check whether your credentials appear among those the operation recovered from Qakbot: if they do, that indicates your device was at some point infected with the malware.
The FBI previously received court approval to remove the Russian Snake data theft malware and the Emotet malware from infected devices, as well as web shells on Microsoft Exchange servers deployed in ProxyLogon attacks.