Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Context-aware phishing campaign delivers Qbot trojan

Context-aware phishing campaign delivers Qbot trojan

  • A context-aware phishing email that includes a link to an online document is sent to the target.
  • The phishing emails are disguised as delivery emails which are replies to existing email threads.

What is the issue – A phishing campaign disguised as delivery emails which are replies to existing email threads, delivers the Qbot trojan.

The big picture

JASK SpecOps security researchers described the delivery mechanism of Qbot trojan.

“The delivery mechanism for this Qbot infection was a phishing campaign where the targeted user received an email containing a link to an online document. Interestingly enough, the delivery email was actually a reply to a pre-existing email thread,” researchers said in a case study.

  • A context-aware phishing email that includes a link to an online document is sent to the target.
  • The phishing link to the document is actually a link to a VBScript-based dropper script which is designed to drop the Qbot malware.
  • Upon clicking the malicious link, the Qbot payload will be downloaded on the already compromised machine with the help of the legitimate Windows BITSAdmin utility (bitsadmin.exe) in the form of an ‘August.png’ file.
  • The Qbot malware will then start brute forcing network accounts for lateral movement purposes using a list of local account credentials.

“The dropper executes a stage two download, which SpecOps diagnosed as Qbot-related due to open source reporting and VirusTotal signature detection,” researchers said.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket