FBI, partners dismantle Qakbot infrastructure

229 points by mvdwoord over 1 year ago

14 comments

AugustoCAS over 1 year ago
This is huge. Yesterday The Register published an article [1] mentioning that Qakbot was responsible for 30% of recorded intrusion attempts since the start of 2023.

[1]: https://www.theregister.com/2023/08/28/top_malware_loaders/
firesteelrain over 1 year ago
"To disrupt the botnet, the FBI redirected Qakbot traffic to Bureau-controlled servers that instructed infected computers to download an uninstaller file. This uninstaller—created to remove the Qakbot malware—untethered infected computers from the botnet and prevented the installation of any additional malware."

That's pretty sweet that they healed hundreds of thousands of computers
r3trohack3r over 1 year ago
The warrant application is one of the coolest, cyberpunk, warrants I've read in my lifetime: https://www.justice.gov/d9/2023-08/23mj4244_application_redacted.pdf

Feels like one of those "in world messages" you find in games like Cyberpunk 2077. Could have been written by NetWatch.

We live in amazing times.
1970-01-01 over 1 year ago
Qbot/Qakbot/Pinkslip/Whateveritsnowcalled has been morphing since the very beginning, 2007/08:

https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/qakbot

https://www.youtube.com/watch?v=DN9m27nhA00

https://en.wikipedia.org/wiki/BASHLITE
autoexec over 1 year ago
If it's really finally fully down that's great, but it took forever and replacements can be churned out and new networks grown in a very short amount of time.

I'm glad the FBI invested 15+ years and who knows how much money to rid the world of QBot, but this isn't a scalable solution to the botnet problem.
michaelaiello over 1 year ago
Some more technical details on what we observed here. https://www.secureworks.com/blog/law-enforcement-takes-down-qakbot

https://www.secureworks.com/blog/qakbot-campaign-delivered-black-basta-ransomware
badrabbit over 1 year ago
I wouldn't make a big deal out of this, unlike worms, "bots" like this will come back after weeks/months because of the number of people involved and the spread of the malware "kit" (including server side stuff). They are constantly adapting anyways, there isn't a fixed set of domains and IPs you can block to stop it permanently.

They took down Emotet as well but it's had a resurgence.

Qakbot in recent years has shifted to an initial access broker monetization scheme where it sells access (Cobalt Strike, etc.) to more serious actors who will pay the access fee instead of hiring talent themselves to do the hacking. So they have a strong community of customers. They will need to arrest a lot of people at once and hope they got all the people needed to revive it.
dcow over 1 year ago
Two questions:

1. if someone installed Qakbot willingly, does the warrant apply (the warrant has what looks to me like specific language limiting it to unaware victim’s machines)?

2. if the FBI’s justice.exe damaged data on a victim machine because of an unexpected configuration, are they liable for damages?
yafbum over 1 year ago
Cool use of the botnet's capabilities against itself

But no arrests announced? I wish the people responsible for this were made an example of, as opposed to being basically free to start over (it seems).
behindai over 1 year ago
Faced a "wtf" that damages your subjects? Name it "Russian" backed. ???? PROFIT
bdcp over 1 year ago
Is this the ransomware as a service that was hitting hospitals and multiple companies?
kiddico over 1 year ago
A 3 letter did a thing I like? Quick, someone pinch me.
coldblues over 1 year ago
> To disrupt the botnet, the FBI redirected Qakbot traffic to Bureau-controlled servers that instructed infected computers to download an uninstaller file. This uninstaller—created to remove the Qakbot malware—untethered infected computers from the botnet and prevented the installation of any additional malware.

So the FBI used unauthorized access to the computers to uninstall the malware? Scary if you think about it. I'm sure they could have used that access any way they wanted.
jscipione over 1 year ago
If the FBI doesn’t like them, Qakbot can’t be that bad.