Security researchers are warning financial institutions about the Qakbot Trojan, a rare kind of malware that is allegedly infiltrating large banks and other global financial institutions. It is unlike other types of malware because it has the ability to spread like a worm, but still infect users like a Trojan. Named for its primary executable file, _qakbot.dll, the Trojan is not new, but its qualities and difference in attack set it head and shoulders above other more well-known Trojans, such as Zeus, in that it can infect multiple computers at a time. It is the only Trojan known to exclusively target U.S. banks, said an RSA security researcher.
The more well-known Trojans and their variants, Zeus and Spyeye, are all available for sale on the black market, said the researcher who is head of new technologies, consumer identity protection at RSA, the security division of EMC. First discovered by Symantec in 2007, Qakbot is likely being run by one group. It is likely an organized crime group developed it, focusing on their own specific methods, and tailored the Trojan to a specific segment — large banks and their commercial customers.