The latest version of Qakbot has spread amongst corporate computers, leading security firm Symantec to issue a warning that companies need to beware of the bot's worm-like propagation.
Between early April and early May, Symantec researchers saw the number of Qakbot-infected computers jump to more than 200,000, much higher than average, according to a report released by the company. Activity from the bot surges every three to six months, but rarely exceeds 50,000 compromised systems, says Vikram Thakur, principal security response manager for Symantec's threat intelligence group.
"This is definitely something to watch out for, considering it has been under development and it has been continuously evolving over the past few years," Thakur says. "This threat is a major problem for corporations because of just the way it actually spreads within an environment."
Recently, Qakbot appeared online signed with a valid digital key, a technique also used by the Stuxnet worm to appear to be legitimate software. The bot is seeded within a company using compromised websites to push code to potential victims. Once inside a corporation, the bot program turns worm-like and spreads to open file shares and internal websites, which typically have far less security than external-facing services, says Thakur.
"These things are not locked down as much as we imagine inside corporations," he says.
Once on a computer, Qakbot steals banking credentials and other files. The program allows the cybercriminal group controlling the botnet to inject transactions into online banking sessions, stealing money from the victim's account.
Because of its success within corporations, the bot program could also be used to steal corporate data. For cybercriminals, however, bank account credentials continue to be a ready source of cash, so it's likely that they will continue to focus their efforts there.
"The ultimate aim, like almost every other threat we see, is to make money," Thakur says. "And these guys are using the most lucrative data they can get to make money."