𝑊𝐴𝑅𝑁𝐼𝑁𝐺: 𝐴𝑛 𝑜𝑙𝑑 𝑣𝑖𝑟𝑢𝑠 𝑡ℎ𝑎𝑡 𝑎𝑡𝑡𝑎𝑐𝑘𝑠 𝑊𝑖𝑛𝑑𝑜𝑤𝑠 𝑐𝑜𝑚𝑒𝑠 𝑏𝑎𝑐𝑘 𝑎𝑔𝑎𝑖𝑛 𝑎𝑛𝑑 𝑡ℎ𝑖𝑠 𝑡𝑖𝑚𝑒 𝑖𝑡'𝑠 𝑠𝑡𝑟𝑜𝑛𝑔𝑒𝑟

  In 2008, Qakbot, a malicious program that attacked companies and users to steal information by exploiting a security flaw in Windows, appeared. Fortunately, developments in cybersecurity and Microsoft's efforts have been able to stop the threat for a while, but not forever. According to Cisco Talos researchers , Qakbot was recently updated and returned again.

 The malicious software has regenerated its system so that it can remain on a computer without being detected by users or security systems and programs. The latest version of Qakbot is supported by a dropper, a program to install malicious code from the program itself or from external servers, making it unnoticed by an antivirus program. 
In the case of Qakbot's dropper, it can connect to multiple Internet addresses where malware that is created in JavaScript is hosted. It is important to note that the above addresses do not always belong to the hackers; however, some have been stolen to be used for data theft purposes. 
Once the malicious code is installed on the computer, it starts requesting its own implementation instructions, which are hosted on the external server. These instructions contain XOR encryption, while avoiding the possibility of knowing their true purpose if intercepted.

When the implementation process is completed and the malicious program contains its instructions, it begins to steal information in the background. According to researchers, Internet criminals are looking for special data that allows them, for example, access to bank accounts. Cisco Talos has shared a list of domains included in malware that can help prevent attacks. 
The big problem is that it will be difficult for us to see a solution soon to threaten the harmful Qakbot program, because its level of development allows it to continue to cause damage even when removing its main files from computers.

تصنيف : ويندوز