The removal of Qakbot from infected computers is just the first step
The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software.
The Qakbot administrators use a system of tiered servers to control the Qakbot malware installed on infected computers.
"Tier 1 servers are computers infected with Qakbot that have an additional software 'supernode' module installed that makes them part of the control infrastructure for the botnet," the FBI explained in an application for a search warrant.
Tier 1 and Tier 2 servers forward communications between Qakbot-infected computers and the Tier 3 server, which is the server through which the botnet is controlled.
Tier 3 servers can be used by Qakbot administrators or other cyber criminals who paid to send instructions to the infected computers.
"Those instructions can include downloading and installing on the victim computer a new version of the Qakbot malware or other malware, including ransomware. All of these communications are encrypted using keys known to the Qakbot administrators."