Security researchers have uncovered the infrastructure behind one of largest and most voracious banking Trojan networks uncovered to date.
The Qbot (aka Qakbot) botnet apparently infected 500,000 systems before sniffing "conversations" – including account credentials – for a whopping 800,000 online banking transactions. More than half (59 per cent) of sniffed sessions were reportedly from accounts at five of the largest US banks.
The researchers said online banking credentials for banks in Europe were also targeted by the Russian-speaking cybercrime group behind the scam, which was uncovered by email security outfit Proofpoint.
The security firm said the attackers launched the assault from compromised WordPress sites using drive-by-download style attack tactics. Windows XP clients comprised 52 per cent of the infected systems in the cybercrime group’s botnet.
The cybercrime group also made money by selling access to compromised systems to other ne’er do wells. More details on the research can be found in Proofpoint’s report here (registration required). ®