back to article Qbot malware's back, and latest strain relies on Visual Basic script to slip into target machines

A new version of the decade-old banking credential-stealing Qbot malware is doing the rounds, according to infosec firm Varonis. The latest version, spotted after an unfortunate customer's systems were infected, retains the anti-analysis polymorphism features of the original, Varonis researchers said. Once present on a …

  1. nagyeger

    windows defender

    Is this a case of WD being the attack vector (unsafe zip) or just that it doesn't spot it?

  2. redpawn Silver badge

    You can lead a user to security,

    but you can't make them implement it. However Microsoft doesn't even lead users toward security.

    1. N2 Silver badge

      Re: You can lead a user to security,

      Well yes and no, it's up to admins to impliment policy on the assumption that anything is possible and treat the network as a castle, wall, moat type tiered line of defences assuming zero knowledge from the user.

      Unfortunately, there are still people out there who click on everything and anything and have to ask 'what do I do with this?' when an email states ******INFECTED******* in the subject line.

      1. Huw D

        Re: You can lead a user to security,

        If you can work out that an email is infected, to the point that you can prepend ***INFECTED*** to the subject line, why is it even getting to the end-user??

  3. herman Silver badge

    VB Script

    Who on earth actually use VB Script for anything useful and why is it installed on most Windows machines?

    1. Duncan Macdonald Silver badge

      Re: VB Script

      I used it for a basic automation job at work before PowerShell was created (a few trigger buttons on an Excel spreadsheet). Like PowerShell it is however grossly overpowered for normal use.

      Both PowerShell and VBScript should be optional components that are only installed if the user accepts a warning message.

      1. Captain Scarlet Silver badge

        Re: VB Script

        I tend to find most users just randomly click Yes without reading what they are agreeing to.

      2. J27 Bronze badge

        Re: VB Script

        I think the user should have to manually install them from the optional components installer, that or using an administrative install for corporate deployments. If you need scripting, then either you or your IT support team should know how to install optional components.

    2. Mr Dogshit

      Re: VB Script

      I use it frequently. It's fast as lightning, there's virtually nothing it can't do and I can't be arsed to learn Powers Hell and don't see why I should have to.

    3. Robert Helpmann?? Silver badge
      Paris Hilton

      Re: VB Script

      Who on earth actually use VB Script for anything useful...?

      Hackers, obviously.

    4. Anonymous Coward
      Anonymous Coward

      Re: VB Script

      In my previous job my employer point blank refused to pay for any commercial monitoring or automation software to manage our Enterprise level Exchange 2003 Estate. The only licensed software available to me was VB6 so I wrote a large number of utilities in that and made extensive use of VBS for both monitoring and automation.

      When we went over to Exchange 2010 I had to create a large amount of automation and utilities for that in PowerShell and VB6, including a monitoring tool which gave a near real-time status update of the systems health.

  4. Neil Barnes Silver badge
    WTF?

    One day...

    Someone will explain to me why putting a scripting language in a word processor was thought a good idea.

    1. bpfh Bronze badge

      Re: One day...

      Because all the cool kids did it back in the day probably. Thanks Lotus.

      I will admit that from a VB point of view, the access you can still get into office apps is awesome if you need it, but vba automation is such a niche market, it can only be a fraction of a percent of the use base.

      The fraction of a percent of skint teenagers leaning to program vb in the nineties will thank MS for embedding VB6 IDE into office tools that only cost a quarter of the official product :)

      1. david 12 Bronze badge

        Re: One day...

        >Because all the cool kids did it back in the day probably. Thanks Lotus.<

        Lotus? vi comes from 1976, and ed was even earlier than that.

        Line editors like ed where scriptable in any system that allowed scripting, and one of the reasons was because line editors like ed were one of the first tools written for a new os, because that's what you used to write subsequent programs. The first three tools of unix were assembler, editor, and shell. vi was part of the very first BSD release.

        And when you started advanced scripting with your editor, of course you could have a system that didn't allow you to interact with the file system of with the gui, but wtf would be the use of that?

    2. Michael H.F. Wilkinson Silver badge

      Re: One day...

      The problem isn't necessarily a scripting language inside a word processor or spreadsheet. After all, LaTeX allows all sorts of scripting (made very easy with the ifthen package), and I am not aware of any security issues with that. The problem is allowing scripts like this to do anything not related to the document itself. That is a security nightmare.

    3. J27 Bronze badge

      Re: One day...

      Regardless of why, it should have been sandboxed to the current document only. Not full file access!

  5. dhawkshaw
    Facepalm

    Infection Vector

    via a file named something.doc.vbs .... damned windows default hiding of known file extensions. Why on earth is that *still* the default setting [shakes fist]

    1. Anonymous Coward
      Anonymous Coward

      Re: Infection Vector

      Yes dammit. Why can't it by like any unix system, where the scripting language is defined /inside/ the file, and you can call it any dammed thing you please?

    2. J27 Bronze badge

      Re: Infection Vector

      Damn file extensions at all.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019