Qakbot slowly drains NHS and other computer networks of data

Symantec says it has gained access to – and is closely monitoring – two FTP servers related to the botnet.

Data being drained from users' computers reportedly includes online banking credentials, credit card information, social network credentials and email account details.

Symantec advises that every bit of information an infected user types into their browser can be stolen.

It appears that the people behind the botnet are not experienced in IT security, as the author(s) have not put much effort into securing the stolen information.

Because of this, Symantec claims that anyone with a sample of the threat can access the stolen data quite easily.

The IT security vendor adds that what is perhaps more disturbing is that its research teams have Qakbot logged as being almost equally effective at stealing information from corporate environments as from home users.

Logs discovered on the analysed servers indicate the botnet swarm has infected over 1100 computers on the NHSnet and there are also over 100 compromised computers on a Brazilian regional government network.

As a result of its findings, Symantec says that enterprises should be particularly wary of this threat because it also functions as a downloader, leaving compromised corporate environments open to a more serious attack if appropriate action is not taken right away.

What’s Hot on Infosecurity Magazine?