Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year

Three malware loaders — QBot, SocGholish, and Raspberry Robin — are responsible for 80 percent of observed attacks on computers and networks so far this year. Security shop ReliaQuest reported on Friday the top nasties that should be detected and blocked by IT defenses are QBot (also known as QakBot, QuackBot, and Pinkslipbot …

  1. may_i

    Point out that this is all semantics

    A malware loader is by definition an unauthorised program which does unwanted and unauthorised things to your computer.

    It is therefore also malware. The semantics are only of interest to malware researchers. If you removed the semantic distinction between a loader and the payload from this article, then all you have left is the same message about malware that has been written for the last two decades.

    Please try harder.

    1. Version 1.0 Silver badge

      Re: Point out that this is all semantics

      So when the researchers get emailed Latest_Malware_Detection.PDF.img then I suggest an immediate deletion. But I'm seeing this type of "helpful delivery" attack via the corporate email server every day.

    2. Mike Pellatt

      Re: Point out that this is all semantics

      Yeah. And the use of "loader" confused me.

      On reading the headline, I thought this was about bootloader malware, but, nope.

    3. Prst. V.Jeltz Silver badge

      Re: Point out that this is all semantics

      I guess that's correct, but it was interesting to hear how the intrusion is secured before the payload arrives.

      The "two part" bit, although I guess we knew that.

      One thing I am curious about is how long an encryption ransomware waits before announcing the ransom?

      If it's coded in such a way that it is decrypting your files for you to use in real time while it finishes the job, then it could equally wait pretty much indefinitely until it reckons your backup cycle has expired.

      So the advice "make sure you have backups" possibly won't work.

      Also a backup from weeks ago just ain't an option for some applications. Or even days.

      I'm assuming most ransomware isn't coded to decrypt on demand to avoid detection; seems a bit too clever for most malware writers, given that the one I had to deal with just zipped all the files and forgot the encryption! Dodged a bullet there!

  2. Dimmer Silver badge

    “A malware loader is by definition an unauthorised program which does unwanted and unauthorised things to your computer.”

    Microsoft - “it’s an update, it does what WE want it to”

    Same for - Adobe, Google, Facebook, Twitter…

    I did not want the changes or to be spied on, so would they also be classified as downloaders?

  3. RErnes

    Bye bye QBot?

    I think the friendly vultures were circling the dead botnet. The FBI just released the news that they have taken down Qbot. I hope it remains dead and doesn't do the phoenix trick thingy.
