Qakbot

Qakbot Being Distributed via Virtual Disk Files (*.vhd)

There’s been a recent increase in the distribution of malware using disk image files. Out of these, the Qakbot malware has been distributed in ISO and IMG file formats, and the ASEC analysis team discovered that it has recently changed its distribution to the use of VHD files. Such use of disk image files (IMG, ISO, VHD) is seen to be Qakbot’s method of bypassing Mark of the Web (MOTW). Disk image files can bypass the MOTW feature because when the files inside…