Dorkbot (malware)
 | The topic of this article may not meet Wikipedia's general notability guideline. (January 2018) |
Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook.
Functionality
Dorkbot’s backdoor functionality allows a remote attacker to exploit infected systems. According to an analysis by Microsoft and Check Point Research, a remote attacker may be able to:[1][2]
- Download and run a file from a specified URL;
- Collect logon information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
- Block or redirect certain domains and websites (e.g., security sites).
Impact
A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.[1]
Prevalence
Between May and December 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.[3]
History
On December 7th, 2015 the FBI and Microsoft in a joint task force took down the Dorkbot Botnet.[4]
Remediation
In 2015, the U.S. Department of Homeland Security advised the following action to remediate Dorkbot infections:[1]
- Use and maintain anti-virus software
- Change your passwords
- Keep your operating system and application software up-to-date
- Use anti-malware tools
- Disable AutoRun
See also
References
- ^ a b c "TA15-337A: Dorkbot". National Cyber Awareness System:, U.S. Department of Homeland Security. December 3, 2015.
- ^ "dorkbot-an-investigation: Dorkbot". Check Point Research. February 4, 2018.
- ^ "Microsoft assists law enforcement to help disrupt Dorkbot botnets". Microsoft Malware Protection Center. December 3, 2015.
- ^ "FBI, Microsoft and Computer Emergency Response Team Polska Takes Down Global DorkBot Malware Botnet". Geek Inspector. December 7, 2015.