G oog le BadWeB | Login/out | Topics | Search | Custodians | Register | Edit Profile

Buell Forum » Quick Board » Qakbot 2017 virus patch? « Previous Next »

Author Message
Top of pagePrevious messageNext messageBottom of page Link to this message

Greg_e
Posted on Friday, September 15, 2017 - 03:36 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Anyone dealing with the new variant of the Qakbot malware/virus? Anyone know if Microsoft has patched the OS for this crap?

We're dealing with this right now at work, but looks like my network has been spared. But I'm still jumping through hopes to help with the remediation. All my machines are patched with critical updates and security updates, but no mention by name of fixing this one.

So if you know anything, and especially if you know of an MS KB number for a patch, let me know so I can check my systems to make sure they are plugged.
Top of pagePrevious messageNext messageBottom of page Link to this message

Glitch
Posted on Friday, September 15, 2017 - 07:07 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Dating me I'm sure...
The last virus I had to worry about was the "I Love You" virus.
Top of pagePrevious messageNext messageBottom of page Link to this message

Oddball
Posted on Friday, September 15, 2017 - 08:10 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Glitch,
I thought that was incurable without divorce technicians and great sums of money? lol

Never heard of Qakbot. What's it do?
Top of pagePrevious messageNext messageBottom of page Link to this message

Greg_e
Posted on Friday, September 15, 2017 - 08:52 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Bad stuff if you are a business that handle money and personal info.
Top of pagePrevious messageNext messageBottom of page Link to this message

Zac4mac
Posted on Saturday, September 16, 2017 - 02:11 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

I trust gold in hand over digital currency.
Top of pagePrevious messageNext messageBottom of page Link to this message

Oddball
Posted on Saturday, September 16, 2017 - 12:52 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Back to cash for a safer future. I have no problem with death penalties for cyber crimes.
Top of pagePrevious messageNext messageBottom of page Link to this message

Aesquire
Posted on Saturday, September 16, 2017 - 01:31 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

I love the gold adds on radio. The honest versions would go, "we bought gold knowing that you'd think it a good investment for the apocalypse and now will sell you papers that say you have some for only 20% more than real gold is selling for. We're dumping this since the prices are dropping and we need to unload while we can still pull a massive profit. You'll never see any real gold, and we'll charge you to store it. We also are counting on your financial stupidity to put your nearly worthless documentation for this sale in a box your relatives won't know about so you'll probably die and we'll keep your imaginary gold and other than printing costs and secretary time we'll make pure profit for nothing at all!"

I also think that other than jewelry and industrial applications gold is useless and so insanely overpriced. When George Soros last year crashed the market by dumping 14 tons........

Bic lighters for apocalypse. Gold for the rich.
Top of pagePrevious messageNext messageBottom of page Link to this message

Aesquire
Posted on Saturday, September 16, 2017 - 01:40 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Looks like serious business.

https://www.wilderssecurity.com/threads/fresh-wave -of-mutating-qakbot-malware-brings-down-enterprise -networks.394221/

https://www.leidos.com/announcement/commercialcybe r/blog/battling-pink-slip-virus-yet-again
Top of pagePrevious messageNext messageBottom of page Link to this message

Greg_e
Posted on Saturday, September 16, 2017 - 05:46 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Yes it seems really bad, that's part of why they are freaking out at work.

The Microsoft stand alone scanner (boot from scanner) suggests that it can remove this pest. But I haven't seen anything about updates plugging the hole. And most of what I do find is from 2009 and no longer applies.
Top of pagePrevious messageNext messageBottom of page Link to this message

Oddball
Posted on Saturday, September 16, 2017 - 08:25 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Maybe someone could actually make a quality operating system. Basic, good god what a wasteful system. One idiot's wasteful lousy program piling on all the other idiots creations needing ever greater resources of memory and processor effort. Programming was never my thing but my brother used to back when memory space was critical. (commie 64) Others would bring their BBS and other programs to him to fix and make them work in little room . He'd program at the machine code level.

The fact that so many companies and government entities have information accessible on an open system makes life easy for the cyber thieves.

I've sat through many tirades by my retired engineer father on the state of stupidity in the programmer ranks as well as dimwits you hear about on the news allegedly allowing open internet access to restricted and possibly classified information.

It can be funny watching steam come out of the ears of an old pocket protector wearer. lol
Top of pagePrevious messageNext messageBottom of page Link to this message

Greg_e
Posted on Saturday, September 16, 2017 - 08:46 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

For what most people need, chromebooks work fine.
Top of pagePrevious messageNext messageBottom of page Link to this message

Tootal
Posted on Sunday, September 17, 2017 - 03:35 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Greg, I just sent an email to a friend that is in charge of internet security at a bank in New York City. If anybody could answer your question he should be able to. I will post his reply as soon as I hear back from him.
Top of pagePrevious messageNext messageBottom of page Link to this message

Tootal
Posted on Sunday, September 17, 2017 - 08:09 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Here's his response:

Microsoft has a pretty good page on this:



https://www.microsoft.com/en-us/wdsi/threats/malwa re-encyclopedia-description?Name=Backdoor%3AWin32% 2FQakbot.T



It says that Windows Defender (the built-in antivirus) can get rid of it.



I did not see a specific KB that referenced it, but 90% of infosec is keeping your machines patched current.



So a full scan with the built-in MS tools and a current patch regimen should go a long way towards addressing the issue.



Sophos also has a free tool that will clean machines that are being difficult.



www.sophos.com



Look for the free tools section.



Viel Glueck!
Top of pagePrevious messageNext messageBottom of page Link to this message

Greg_e
Posted on Sunday, September 17, 2017 - 09:43 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

That's what I read, so I don't know why they aren't just doing an offline scan with the boot tool, and then patching the computers. Would be way cheaper than what they are paying Cylance to do. And probably not more labor intensive either, they have weeks worth of time invested in this and the latest patch I saw was June, where mine all have the September patch that came out this week. and the August patch before that.
Top of pagePrevious messageNext messageBottom of page Link to this message

Tootal
Posted on Monday, September 18, 2017 - 12:01 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Did you check out the Sophos tool? I use them for my PC security and I've not had any issues.
« Previous Next »

Add Your Message Here
Post:
Bold text Italics Underline Create a hyperlink Insert a clipart image

Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Password:
E-mail:
Options: Post as "Anonymous" (Valid reason required. Abusers will be exposed. If unsure, ask.)
Enable HTML code in message
Automatically activate URLs in message
Action:

Topics | Last Day | Tree View | Search | User List | Help/Instructions | Rules | Program Credits Administration