Dorkbot (malware)

Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook.

Functionality

Dorkbot’s backdoor functionality allows a remote attacker to exploit infected systems. According to an analysis by Microsoft and Check Point Research, a remote attacker may be able to:[1][2]

  • Download and run a file from a specified URL;
  • Collect logon information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
  • Block or redirect certain domains and websites (e.g., security sites).

Impact

A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.[1]

Prevalence

Between May and December 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.[3]

History

On December 7, 2015, a joint task force of the FBI and Microsoft took down the Dorkbot botnet.[4]

Remediation

In 2015, the U.S. Department of Homeland Security advised the following action to remediate Dorkbot infections:[1]

  • Use and maintain anti-virus software
  • Change your passwords
  • Keep your operating system and application software up-to-date
  • Use anti-malware tools
  • Disable AutoRun
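
The "Disable AutoRun" step can be checked on a Windows host by reading the `NoDriveTypeAutoRun` policy value and decoding its bitmask per drive type. The Python script below is an added example, not part of the DHS advisory or the original article; the function names and classification labels are illustrative.

```python
import sys

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no-root-directory", 0x04: "removable",
    0x08: "fixed", 0x10: "network", 0x20: "cd-rom",
    0x40: "ram-disk", 0x80: "reserved",
}
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"

def autorun_enabled_types(mask):
    """Drive types for which this mask leaves AutoRun enabled."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]

def assess(mask):
    """Classify one policy value (illustrative labels); None means not set."""
    if mask is None:
        return "not-set"
    if (mask & 0xFF) == 0xFF:
        return "disabled-all"
    return "disabled-removable" if mask & 0x04 else "enabled-removable"

def read_policy():
    """Read the value from HKLM and HKCU; Windows only."""
    import winreg
    found = {}
    for name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE),
                       ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                raw, _ = winreg.QueryValueEx(key, POLICY_VALUE)
        except OSError:
            found[name] = None  # key or value absent, or not readable
            continue
        # REG_DWORD arrives as int, REG_BINARY as little-endian bytes
        found[name] = int.from_bytes(raw, "little") if isinstance(raw, bytes) else int(raw)
    return found

if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("Run on Windows to read the live policy.")
    for hive, mask in read_policy().items():
        shown = "not set" if mask is None else hex(mask)
        left = [] if mask is None else autorun_enabled_types(mask)
        print(f"{hive}: {shown} -> {assess(mask)}; AutoRun still enabled for: {left}")
```

A value of `0xFF` disables AutoRun for every drive type; any value without bit `0x04` leaves the policy open for removable drives such as USB sticks.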

References

  1. "TA15-337A: Dorkbot". National Cyber Awareness System, U.S. Department of Homeland Security. December 3, 2015.
  2. "dorkbot-an-investigation: Dorkbot". Check Point Research. February 4, 2018.
  3. "Microsoft assists law enforcement to help disrupt Dorkbot botnets". Microsoft Malware Protection Center. December 3, 2015.
  4. "FBI, Microsoft and Computer Emergency Response Team Polska Takes Down Global DorkBot Malware Botnet". Geek Inspector. December 7, 2015.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.