14 DAY TRIAL // Microsoft extended the capabilities of a free security solution it’s offering to all Windows users so that it can tackle the Win32/Qakbot family of backdoors. Also known as Bzud, Qbot, and Pinkslipbot, Qakbot is a piece of malicious code with multiple malicious components designed to hand over access and control to an attacker once it has successfully infected a computer.
“Qakbot is composed of several components, including a keylogger, a password stealer and a user-mode rootkit.
“Qakbot is commonly distributed as the payload of what appear to be attacks, mainly targeted at enterprise installations,” revealed Dan Kurc and Aaron Putnam, from the Microsoft Malware Protection Center.
The latest version of the Windows Malicious Software Removal Tool is designed to detect and remove Qakbot from compromised computers.
As is the case with the previous releases, the most recent MSRT variant is offered automatically to Windows users worldwide.
With MSRT, the Redmond company is tackling a selection of malicious code as opposite to all malware, with the software giant adding new detections each month.
“Qakbot starts as a highly obfuscated JavaScript that downloads and runs an installer and user-mode rootkit,” Putnam explained.
“At this point, Qakbot is hidden from the user while it downloads the rest of the Qakbot package. Qakbot next gathers information and steals anything that it can find. This includes login and password, banking information, user keystrokes and information about the local infection.
“All of the gathered information is then encrypted into a custom log file, and uploaded to a remote server via FTP. In addition to all of these capabilities, the Qakbot family also has the ability to update itself to make sure that it's running a recent version of the malware.”
Users that are running genuine versions of Windows 7, Windows XP or Windows Vista can also download Microsoft Security Essentials free of charge from Microsoft.
Microsoft Security Essentials 1.0 is available for download here. Microsoft Windows Malicious Software Removal Tool is available for download here.