Beware Zip Attachments In Emails Could Be Qbot Malware

May 7, 2022 | Blog

The owners of the Qbot botnet are changing things up. The botnet’s normal modus operandi for distributing its signature Qbot malware has been phishing emails containing Microsoft Office documents laden with malicious macros. More recently, though, the group behind the botnet has switched to phishing emails carrying password-protected ZIP files that contain malicious MSI Windows Installer packages.

It’s the first time we’ve seen this tactic from Qbot, and no one is sure what drove the change. The best theory put forward so far is that the tactical shift is a response to a recent announcement by Microsoft that it would disable Excel 4.0 macros by default, a move made in a bid to shut down macros as a possible delivery system. If so, it demonstrates the incredible nimbleness and responsiveness of the hacking world.

Microsoft began rolling out a new VBA autoblock feature for Microsoft Office in April 2022.

Microsoft had this to say about the matter:

“Despite the varying email methods attackers are using to deliver Qakbot, these campaigns have in common their use of malicious macros in Office documents, specifically Excel 4.0 macros.

It should be noted that while threats use Excel 4.0 macros as an attempt to evade detection, this feature is now disabled by default and thus requires users to enable it manually for such threats to execute properly.”

Qbot can best be described as a modular Windows banking trojan that spreads like a worm. It has been active for more than a decade, and the people who control the malicious code have targeted several high-profile corporate entities, seeking the biggest bang for their buck.

Over the years, several large and well-organized gangs of hackers, including MegaCortex, PwndLocker, and REvil, have leveraged Qbot to breach corporate networks. Although Microsoft’s recent moves have made it harder for the botnet to operate, it’s clear that its operators are adapting.
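A mail filter can still flag the delivery method described above without knowing the archive password, because common ZIP encryption leaves entry names readable. The following is an added example, not code from Microsoft or from the original post; the function names, the extension list and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".msi",)  # the page names MSI; extend per local policy (assumption)

def inspect_zip(data: bytes) -> dict:
    """Check a ZIP without its password. The common ZipCrypto and WinZip AES
    schemes encrypt file data only, so entry names remain readable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
    except zipfile.BadZipFile:
        # Unparseable archive: cannot be inspected, so hold it for review.
        return {"encrypted": [], "installers": [], "quarantine": True}
    encrypted = [e.filename for e in entries if e.flag_bits & 0x1]  # bit 0 = encrypted
    installers = [n for n in encrypted if n.lower().endswith(RISKY_EXT)]
    return {"encrypted": encrypted, "installers": installers,
            "quarantine": bool(installers)}

def scan_message(raw: bytes) -> list:
    """Return (attachment name, verdict) for each ZIP attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename(), inspect_zip(part.get_content()))
            for part in msg.iter_attachments()
            if (part.get_filename() or "").lower().endswith(".zip")]

def sample_message(entry_name: str, protect: bool) -> bytes:
    """Constructed sample: a message with one ZIP attachment holding dummy text.
    With protect=True the 'encrypted' flag bit is set in both ZIP headers to
    mimic a password-protected archive (the data itself is not encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(entry_name, b"dummy content, not a real installer")
    raw = bytearray(buf.getvalue())
    if protect:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(sig) + off] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("The archive password is in this message.")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(sample_message("setup.msi", True)):
        print(name, verdict)
```

Archives that are not encrypted are left to normal content scanning here, since a scanner can open them; the check targets only the case where the password hides the payload from inspection.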
