Good Riddance to Qakbot!
Control Servers Gone And Over 700,000 Infected Devices Cleaned Thanks To The FBI
The thought of the FBI rooting around your computer is not a comfortable one for many; in this case it was definitely for a decent cause. Qakbot, aka Qbot or Pinkslipbot, infected nearly a million devices at its peak, serving as an initial infection which could then be leveraged to install other malware. Qakbot made millions for the creators of the malware during the roughly two years it has been in the wild. It was quite complex software, difficult to block and even more difficult to detect once it got in. That has all changed thanks to the work of the FBI, who broke the encryption Qakbot used to communicate with its command and control servers, and managed to upload and spread their own version of the virus.
This new version, a custom DLL in fact, terminates any and all running Qakbot processes in memory. This was extremely effective as one of the ways Qakbot evaded detection was to only execute commands from active memory and never from the drive, where it might be detected. This does mean that the FBI never had to access your hard drive, which might assuage your concerns somewhat. This is also not the first time the FBI has done this, as you can read about at Bleeping Computer.
If you are concerned you might have been infected, Have I Been Pwned has a list of the devices which you can reference. How’s that for some good news?
Throughout the years, Qakbot has consistently served as an initial infection vector for various ransomware gangs and their affiliates or operators, including Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, and, most recently, Black Basta.
More Tech News From Around The Web
- Google’s $30-per-month “Duet” AI will craft awkward emails, images for you @ Ars Technica
- WiFi, PWM Backlight, And Graphics On Updated Chumby Kernel @ Hackaday
- Intel Shows 8 Core 528 Thread Processor with Silicon Photonics @ Serve The Home
- Netflix Added 2.6 Million US Subscribers In July Despite Password-Sharing Crackdown @ Slashdot
- Reports of the PC’s Death Are Greatly Exaggerated, Says IDC @ Slashdot
- Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year @ The Register
- INKBIRD IAM-T1 Smart Indoor Air Quality Monitor Review @ NikKTech