Rahul Sharma (Editor)

Dorkbot (malware)

Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook.

Functionality

Dorkbot’s backdoor functionality allows a remote attacker to exploit an infected system. According to an analysis by Microsoft, a remote attacker may be able to:

  • Download and run a file from a specified URL;
  • Collect logon information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
  • Block or redirect certain domains and websites (e.g., security sites).

Impact

A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.

Prevalence

Between May and December of 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.

History

On December 7th, 2015, the FBI and Microsoft, working as a joint task force, took down the Dorkbot botnet.

Remediation

In 2015, the U.S. Department of Homeland Security advised the following actions to remediate Dorkbot infections:

  • Use and maintain anti-virus software
  • Change your passwords
  • Keep your operating system and application software up-to-date
  • Use anti-malware tools
  • Disable AutoRun
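
For the "Disable AutoRun" item, an administrator can check whether a Windows host is actually configured that way. The script below is an added example, not part of the original article or of the DHS guidance; the function name Get-AutoRunPolicy is hypothetical, and it assumes the policy is stored in the standard NoDriveTypeAutoRun registry value as a REG_DWORD.

```powershell
# Added example: audit the AutoRun policy that limits USB-borne spreading.
# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

# Get-AutoRunPolicy is a hypothetical helper name chosen for this example.
function Get-AutoRunPolicy {
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    # Both hives are reported; when the value exists under HKLM,
    # Windows ignores the HKCU copy.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = Get-ItemProperty -Path "$hive\$sub" -Name NoDriveTypeAutoRun `
                                -ErrorAction SilentlyContinue
        if ($null -eq $key) {
            # Value absent: the operating system default applies.
            [pscustomobject]@{
                Hive = $hive; Mask = 'not set'
                AllDisabled = $false; AutoRunAllowedFor = 'OS default applies'
            }
            continue
        }
        $mask = [int]$key.NoDriveTypeAutoRun   # assumes REG_DWORD storage
        # Drive types whose bit is clear still have AutoRun enabled.
        $allowed = @($DriveTypeBits.GetEnumerator() |
            Where-Object { ($mask -band $_.Value) -eq 0 } |
            ForEach-Object { $_.Key })
        [pscustomobject]@{
            Hive              = $hive
            Mask              = '0x{0:X2}' -f $mask
            AllDisabled       = ($allowed.Count -eq 0)
            AutoRunAllowedFor = ($allowed -join ', ')
        }
    }
}

Get-AutoRunPolicy | Format-Table -AutoSize
```

A mask of 0xFF disables AutoRun for every drive type; any row that lists "Removable" under AutoRunAllowedFor leaves USB drives able to trigger AutoRun.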