By Month

May 2021
Mar 2020
Jun 2018
Oct 2016
Sept 2016
Jul 2016
Mar 2016
Oct 2013
Aug 2013
Jul 2013
Older Announcements...
View RSS Feed

  By Month

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

qakbot trojan

  • Friday, 2nd April, 2010
  • 12:39pm

Recently, a couple of sites hosted with us have been infected with a link to the w32.qakbot trojan.

What is a trojan?
A trojan is a piece of software that is designed to perform harmful actions to a computer.

So how did that happen?
A couple of clients PC's have been infected with a trojan called qakbot. It may have been downloaded as part of a freeware program or it was downloaded from an infected site.

This trojan allows a hacker to access your pc remotely and log keystrokes and send your information to botnets. This is what has happened in these cases. A keylogger has identified the ftp account and password for a site, and has sent the information to a hacker who has inserted a line of code in every page that has a <BODY> tag. This line of code instructs a server hosting the trojan to install it on the pc browsing the site at that time.

What is HNZ doing about it?
While we have no control over our clients PC's and antivirus status, nor their habits regarding internet security, we have informed the site owners to check the pc's they use to ftp files to their site. We have also eliminated the offending lines of code from the infected sites, deleted the FTP accounts associated with those sites and changed the passwords for those accounts to a more complex one.

We are also investigating ways of making malicious hacking (by way of infected customer pc's) of our customer sites more difficult.

How do I know if I have a trojan?
You must have a good quality virus scanner installed on your pc, and it must be up to date. The virus scanner, if its a good one, will detect the trojan before it gets a chance to install on your machine. Without a virus scanner on your pc, surfing the internet would be akin to thinking you can walk barefoot across a mile of hot coals without getting your feet burned.

So what should I do?
We strongly encourage our customers to:

  • use strong passwords. We also encourage regular changing of passwords.
  • Install a strong antivirus scanner and firewall software on your pc or network.
  • Always check the integrity of freeware applications you want to download. Search for reviews of a product before installing it on your machine.


Unfortunately, if the sites we have identified continue to become infected, we will have to disable them from our servers. When a site becomes blacklisted as an attack site, the integrity of the server that it is hosted on is compromised and this will affect other users.


To check if your site is compromised, replace the link at the end of the following url with your site address:
http://www.google.com/safebrowsing/diagnostic?site=http://www.test.com

« Back

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket