New rootkit version

Discussion in 'malware problems & news' started by Vercingetorix, Oct 19, 2009.

Thread Status:
Not open for further replies.
  1. Vercingetorix

    Vercingetorix Registered Member

    Joined:
    Dec 7, 2005
    Posts:
    1
    I work in a school district, and we have a rootkit running through our domain. It is a new variant of Qakbot; it makes a folder in c:\doc~\All Users\_qbothome. It gathers all information stored in autocomplete for the computer and web browsers, and it has a keylogger for HTTPS sites. It stores this information in a txt file and uploads it to servers for identity theft. It is phoning home to domains in China for updates on a regular basis. We have had the rootkit since some time in August, and all of this time it has been undetected by Trend Micro. I suggest blocking up002.cn and nt2002.cn to protect yourselves (if you do not already block all of cn).
     
    Last edited: Oct 19, 2009
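
Added example, not part of the original thread: one way to find which internal clients have looked up the two domains named in the post, so that machines can be pulled for cleanup while the block goes in. The log format (`timestamp client-ip queried-name`), the sample lines and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# The two domains named in the post above.
BLOCKED_DOMAINS = ("up002.cn", "nt2002.cn")

# Constructed sample DNS query log: "<timestamp> <client-ip> <queried-name>".
SAMPLE_LOG = """\
2009-10-19T08:01:12 10.1.4.21 www.example.org
2009-10-19T08:01:40 10.1.4.21 UP002.CN.
2009-10-19T08:02:03 10.1.7.88 cdn.nt2002.cn
2009-10-19T08:02:09 10.1.7.90 notup002.cn
2009-10-19T08:03:15 10.1.7.91 up002.cn.example.org
2009-10-19T08:04:30 10.1.4.21 a.b.nt2002.cn
malformed line
"""

def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def matches_blocked(name, blocked=BLOCKED_DOMAINS):
    """Return the listed domain that `name` equals or is a subdomain of."""
    name = normalize(name)
    for domain in blocked:
        # Match on a label boundary so "notup002.cn" and
        # "up002.cn.example.org" are not flagged.
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def find_clients_querying(log_text, blocked=BLOCKED_DOMAINS):
    """Map each client IP to the sorted list of listed domains it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:      # skip lines that do not fit the format
            continue
        _timestamp, client, qname = parts
        domain = matches_blocked(qname, blocked)
        if domain:
            hits[client].add(domain)
    return {client: sorted(domains) for client, domains in hits.items()}

if __name__ == "__main__":
    for client, domains in sorted(find_clients_querying(SAMPLE_LOG).items()):
        print(client, "queried", ", ".join(domains))
```

A hit is a lead for triage rather than proof of infection; check the flagged machine for the `_qbothome` folder described in the post.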
  2. Melannk24

    Melannk24 Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    1
    What school district are you located in? I've heard of other infections....

    What are the names of the processes? qbotinj.exe? qbotnti.exe?

    Thanks.
     
  3. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,097