Qakbot botnet disrupted, malware removed from 700,000+ victim computers
2023-08-29 18:10

The Qakbot botnet has been crippled by the US Department of Justice: 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world.

"To disrupt the botnet, the FBI was able to redirect Qakbot botnet traffic to and through servers controlled by the FBI, which in turn instructed infected computers in the United States and elsewhere to download a file created by law enforcement that would uninstall the Qakbot malware. This uninstaller was designed to untether the victim computer from the Qakbot botnet, preventing further installation of malware through Qakbot," the Department explained.

The Qakbot uninstaller delivered to the victims will remove that particular malware from the infected computers, but can't delete other malware that may be installed on them.

"As a result of this operation, the FBI and the Dutch National Police have identified numerous account credentials that were compromised by the Qakbot actors," the DOJ noted, and pointed users towards the Have I Been Pwned service and a website set up by the Dutch National Police that may reveal whether their email account credentials have been harvested by the Qakbot operators.

"The FBI has gained access to portions of the Qakbot computer infrastructure, including the Qakbot Admin Computers. On one such computer used by a Qakbot administrator, the FBI located many files related to the operation of the Qakbot botnet. Those files included communications between the Qakbot administrators and co-conspirators and a directory containing several files holding information about virtual currency wallets," according to the FBI's application for a warrant for the seizure of these funds.

The FBI said it also found a file containing a list of ransomware victims, details about the ransomware group, computer system details, dates, and an indication of the amount of bitcoin paid to the Qakbot administrators in connection with the ransomware attack.


News URL

https://www.helpnetsecurity.com/2023/08/29/qakbot-botnet-disrupted-malware-removed/