QAKBOT or QBOT is a malware that is capable of monitoring the browsing activities of the infected computer and logs all information related to finance-related websites.
It can also steal other critical information from the infected machine like:
- Account name
- City
- Country
- Internet Explorer (IE) password-protected sites
- IE user names and passwords
- IP address
- MSN username and password
- Operating system
- Outlook username and password
- Certificates
- Cookies
- Public Storage - SMTP, POP3, LDAP
- Browsing activities
- System information
Depending on the variant, this malware constantly downloads its components and updates from the Internet. It can also download other malware if commanded by its server. This malware can also prevent the infected computer from accessing most of the security (antivirus/anti-malware) websites.
The following technologies implemented by the latest Trend Micro products are the most effective methods of preventing re-infection and future infection of the QAKBOT or QBOT malware.
VSAPI Technology
To prevent users from being infected, it is encouraged to update pattern files regularly. Trend Micro recommends using the Smart Scan technology for better protection.
AEGIS Technology
This prevents the malware from executing even if it is undetected by the virus pattern. Below is a sample screenshot of the AEGIS feature in Worry-Free Business Security preventing a QAKBOT/QBOT malware from doing damage on a computer.
Web Reputation Service (WRS)
This stops the QAKBOT/QBOT malware from downloading other or associated malwares from the Internet.