New variants of Qakbot spread "like wildfire"

The Qakbot worm attack revealed this week, which led to the theft of personal information belonging to 210,000 unemployed claimants in Massachusetts, was not an isolated case.

In fact, infection rates from Qakbot have skyrocketed since the beginning of April, when the worm's authors "seeded new variants," researchers at Symantec said Friday. New variants of Qakbot typically have appeared every few months for the past two years, but not like the latest outbreak.

"It has not been this big of a deal before," Vikram Thakur, principal security response manager at Symantec, told SCMagazineUS.com on Friday. "They are clearly pushing hard."

Rates have died down since a peak in late April, now that anti-virus products have caught up with the new variants, but not before there were hundreds of thousands of infections. (Symantec's endpoint protection initially failed to detect the outbreak in Massachusetts.)

"There are several information-stealing trojans or threats out there," Thakur said. "This one is pretty high on the list...Once the malware gets on the computer, it knows very well what to do. There are very few things it relies on its control server for. It has a lot more in-built [than previous variants]."

Qakbot may not have the complexity and name recognition of other data-stealing malware, such as Zeus, but it arguably can spread faster. According to Symantec, the worm propagates via network and removable drives and through infected web pages.

"It spreads like wildfire," Thakur said. "This is something that all computer users need to watch out for, especially in corporations because they make use of a lot more impactable propagation vectors. The corporate customers [as opposed to home users] are a little bit more susceptible to getting infected by this worm."
