silversurfer
By malware standards, the banking trojan Qbot is long in the tooth, but it still has some bite, according to researchers who say it has added some detection and research evasion techniques to its arsenal.
“It has a new packing layer that scrambles and hides the code from scanners and signature-based tools,” wrote Doron Voolf, malware analyst at F5 Labs (part of F5 Networks), in a recent company blog post. “It also includes anti-virtual machine techniques, which helps it resist forensic examination.”
This latest sample was programmed to harvest credentials primarily from U.S. banks and their online financial services offerings. F5 identified 36 targeted U.S. financial institutions and two banks in Canada and the Netherlands, including J.P. Morgan, Citibank, Fifth Third Bank, U.S. Bancorp, Citizens Bank, Keybank, Bank of America, Capital One, First Citizens Bancshares, First Horizon Bank, SunTrust, Compass Bank, TD Bank, Wells Fargo, Frost Bank, TCF Bank, Huntington Bancshares, M&T Bank, Scotiabank, First Merit Corporation, Eastern Bank, ABN AMRO, PNC Bank, Silicon Valley Bank and others. The researchers also found six generic URL targets “that might be added as a second stage in the fraud action.”