FYI...Qakbot malware infections spike
... infected 1,500 Massachusetts state PCs... exposing 250,000 residents' personal details.
May 23, 2011 - "The Qakbot worm
, which targets consumers' financial website credentials, appears to be growing more sophisticated and virulent
... in the past month there's been a spike in the overall number of infections**... daily levels reaching 20,000 or more infected machines... according to an analysis of the worm released last week by Symantec*. Qakbot targets online bank account holders and can record keystrokes; digital certificates; and website, email, and FTP passwords
. The worm puts the FTP credentials to work immediately, looking for new websites into which to inject code, to then infect the PCs of whoever visits the site. But the worm can also spread via network shares and removable drives. Otherwise, the worm waits for the PC user to log on to a targeted website - including sites operated by Bank of America, Citibank, JPMorgan Chase, SunTrust, Wachovia, and Wells Fargo
. At that point, the worm "immediately sends the attackers session authentication tokens allowing the attackers to piggyback on the active session," according to the report from Symantec... State officials identified the virus as Qakbot and said that because of the malware, the personal information of up to 250,000 state residents had been potentially exposed. That data included names, addresses, and Social Security numbers... "Qakbot-infected systems were observed uploading more than 200 megabytes of data each day
to command and control server during a period that covered the Qakbot infection on the Department of Labor network"..."