FBI makes a massive botnet infecting more than 700,000 computers uninstall itself

Share via:

Illustration by Amelia Holowaty Krales / The Verge

The US government just helped dismantle a massive network of computers infected with one of the world’s most notorious pieces of malware. According to the FBI, a multinational effort led by the US took down Qakbot, a malware that made its way into over 700,000 computers around the globe.

Hackers typically target victims with Qakbot by sending them spam emails containing malicious attachments or links. As soon as a victim downloads the attachment or clicks the link, Qakbot infects their computer, which then becomes part of a botnet — or a network of infected computers controlled remotely by hackers. From there, bad actors can install additional malware on their victims’ devices, such as ransomware.

Today, #FBI Director Christopher Wray announced a Bureau-led operation that crippled a long-running botnet. Just in the past year, this botnet infected approximately 700,000 computers. Learn how the FBI restored control to victims: https://t.co/RVEwdGBFzu pic.twitter.com/yCXhK5pDtl

— FBI (@FBI) August 29, 2023

To take down the network, the FBI routed Qakbot through FBI-controlled servers, where it instructed infected computers in the US and elsewhere to download software that uninstalled the Qakbot malware. The installer also separated infected computers from the botnet, “preventing further installation of malware through Qakbot.” As noted by the DOJ, the action was only limited to the malware installed by Qakbot actors and “did not extend to remediating other malware already installed on the victim computers.”

In addition to the US, Operation “Duck Hunt” also involved Europol, France, Germany, the Netherlands, the UK, Romania, and Latvia. The US says the botnet was responsible for hundreds of millions of dollars in damages and infected more than 200,000 computers in the US. Qakbot has been around since 2008 and was leveraged by several prolific ransomware groups in the past, including Conti, REvil, MegaCortex, and more. As part of the operation, the DOJ seized $8.6 million worth of extorted funds in crypto.

“An international partnership led by the Justice Department and the FBI has resulted in the dismantling of Qakbot, one of the most notorious botnets ever, responsible for massive losses to victims around the world,” US Attorney Martin Estrada says in a statement. “Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out.”

The FBI has since provided Have I Been Pwned with the compromised credentials it found during the operation, allowing you to enter your email on the site to check if you were affected. The Dutch National Police has also added affected credentials to its Check Your Hack site.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Sarthak Luthra
Sarthak Luthra
Hey, there! I am the tech guy. I get things running around here and I post sometimes. ~ naam toh suna hi hoga, ab kaam bhi dekhlo :-)

Popular

More Like this

FBI makes a massive botnet infecting more than 700,000 computers uninstall itself

Illustration by Amelia Holowaty Krales / The Verge

The US government just helped dismantle a massive network of computers infected with one of the world’s most notorious pieces of malware. According to the FBI, a multinational effort led by the US took down Qakbot, a malware that made its way into over 700,000 computers around the globe.

Hackers typically target victims with Qakbot by sending them spam emails containing malicious attachments or links. As soon as a victim downloads the attachment or clicks the link, Qakbot infects their computer, which then becomes part of a botnet — or a network of infected computers controlled remotely by hackers. From there, bad actors can install additional malware on their victims’ devices, such as ransomware.

Today, #FBI Director Christopher Wray announced a Bureau-led operation that crippled a long-running botnet. Just in the past year, this botnet infected approximately 700,000 computers. Learn how the FBI restored control to victims: https://t.co/RVEwdGBFzu pic.twitter.com/yCXhK5pDtl

— FBI (@FBI) August 29, 2023

To take down the network, the FBI routed Qakbot through FBI-controlled servers, where it instructed infected computers in the US and elsewhere to download software that uninstalled the Qakbot malware. The installer also separated infected computers from the botnet, “preventing further installation of malware through Qakbot.” As noted by the DOJ, the action was only limited to the malware installed by Qakbot actors and “did not extend to remediating other malware already installed on the victim computers.”

In addition to the US, Operation “Duck Hunt” also involved Europol, France, Germany, the Netherlands, the UK, Romania, and Latvia. The US says the botnet was responsible for hundreds of millions of dollars in damages and infected more than 200,000 computers in the US. Qakbot has been around since 2008 and was leveraged by several prolific ransomware groups in the past, including Conti, REvil, MegaCortex, and more. As part of the operation, the DOJ seized $8.6 million worth of extorted funds in crypto.

“An international partnership led by the Justice Department and the FBI has resulted in the dismantling of Qakbot, one of the most notorious botnets ever, responsible for massive losses to victims around the world,” US Attorney Martin Estrada says in a statement. “Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out.”

The FBI has since provided Have I Been Pwned with the compromised credentials it found during the operation, allowing you to enter your email on the site to check if you were affected. The Dutch National Police has also added affected credentials to its Check Your Hack site.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

Sarthak Luthra
Sarthak Luthra
Hey, there! I am the tech guy. I get things running around here and I post sometimes. ~ naam toh suna hi hoga, ab kaam bhi dekhlo :-)

More like this

EU closes antitrust probe into Apple’s e-book and audiobook...

The European Commission (EC) has quietly closed a...

Westbridge Capital Offloads 2% Of Its Stake In Freshworks

SUMMARY Westbridge Capital Management sold 2.75 Lakhs shares of...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!