FBI dismantles Qakbot, botnet of over 700,000 computers

The FBI has carried out a cybersecurity operation that would not look out of place in a computer thriller (indeed, the plot has been heard before): it forced a botnet that had been installed on over 700,000 computers to uninstall itself. The operation was directed from the United States, but involved law enforcement agencies from various countries, including several European ones (Europol and the specialist divisions of Germany, France, the Netherlands, Romania and Latvia) and the British authorities. The malware in question was called Qakbot, and it had infected systems all over the world.

Qakbot's method of spreading is the most classic of classics: an email with infected attachments. The purpose of the botnet is not entirely clear at the moment, but of course a hacker who builds this type of tool can carry out various atrocities, from installing additional malware on the victim machine to coordinating DDoS attacks against chosen targets, and much more.

To dismantle Qakbot, the FBI managed to route the malware's traffic through its own servers and, at that step, order it to download and run software that removes the malware from the victim machine. The software also separated infected PCs from the botnet, thus preventing the spread of other copies. It is curious that the authorities point out in their official statement that the software was limited to uninstalling Qakbot, thus leaving any other malware on the infected system to act undisturbed!

Qakbot is accused of causing hundreds of millions of dollars in damage and infecting more than 200,000 computers in the United States alone. According to investigations, the botnet has been around since roughly 2008, and had been exploited in the past by several well-known hacking groups, especially in the ransomware scene, such as REvil, Conti and MegaCortex. The operation led to the confiscation of cryptocurrencies worth about $8.6 million. The FBI has provided the well-known account security verification site Have I Been Pwned with the entire database of accounts compromised by Qakbot.
