Europol and Microsoft disrupt Dorkbot botnet

5 December 2015

A large number of organizations, including Microsoft, Europol, the FBI, ESET and the Polish CERT, have dealt the Dorkbot network a blow. This IRC botnet has infected more than one million systems since 2011.

Infections spread through Win32/Dorkbot variants, which in total have infected more than one million systems in 190 countries. Microsoft had been monitoring the development of Dorkbot since 2011. It is not entirely clear why the large-scale action is being taken now, but Microsoft states that 100,000 new infections have been observed in the past six months, so fear of further growth may be behind the action. The campaign involved Europol, Interpol, the FBI, ESET, Canadian, Albanian and Montenegrin authorities, and the Polish and American CERTs.

The action was directed against Dorkbot's infrastructure. It is not clear whether arrests have been made or how severe the blow is. Command-and-control servers were probably taken offline. Botnets are difficult to take completely offline; typically the possibility remains that they will be revived.

Dorkbot was particularly active in Indonesia, India and Malaysia, although Microsoft's heatmap also shows many detections in Europe, the US and Brazil. Infections occur through NgrBot, a kit attackers can purchase on underground forums. The kit includes the software and documentation on how to deploy the malware. Communication and file distribution between the control server and the infected systems takes place over IRC.

The malware is distributed via USB drives, chat networks, social networking sites, spam, and exploit kits on websites. Once installed, the malicious code intercepts account details for many services, including Facebook, Gmail, PayPal, Steam, Twitter and YouTube. Dorkbot can also be instructed by its operator to block access to the sites of known security packages, so that antivirus software cannot be updated.
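The article does not say how Dorkbot blocks access to security sites. One mechanism malware families commonly use for this, assumed here and not stated in the article, is to add hosts-file entries that redirect vendor and update domains to the local host or to an unroutable address. The following check, written as an added example for this page and not taken from Microsoft, ESET or any tool the article mentions, parses a hosts file and reports any entry that pins a domain on a watchlist of security-related domains. The watchlist, the sample hosts content and the domain names in it are constructed placeholders.

```python
"""Scan a hosts file for entries that pin security-vendor domains.

Added example, not from the article. Assumption: the malware blocks
security sites by writing hosts-file entries. Any entry for a watchlisted
domain is reported; entries pointing at a sinkhole address are marked,
because they block the site outright rather than redirecting it.
"""
from __future__ import annotations

import ipaddress
from typing import Iterable

# Addresses that are never a legitimate destination for a vendor site.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}

# Constructed watchlist; a real deployment lists the vendor and update
# domains the organisation actually depends on.
SECURITY_WATCHLIST = (
    "example-av-vendor.test",
    "update.example-security.test",
)


def parse_hosts(text: str) -> list[tuple[str, str, int]]:
    """Return (address, hostname, line_no) for every mapping in hosts text.

    Comments (#) and blank lines are skipped; one line may list several
    hostnames for a single address. Lines whose first field is not an IP
    address are ignored as malformed.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for hostname in parts[1:]:
            entries.append((parts[0], hostname.lower(), line_no))
    return entries


def _matches_watchlist(hostname: str, watchlist: Iterable[str]) -> bool:
    """True if hostname equals a watchlisted domain or is a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def find_hijacked_entries(
    text: str, watchlist: Iterable[str] = SECURITY_WATCHLIST
) -> list[dict]:
    """Report hosts entries that pin a watchlisted security domain."""
    findings = []
    for address, hostname, line_no in parse_hosts(text):
        if hostname in ("localhost", "localhost.localdomain"):
            continue  # the normal loopback entries are never suspicious
        if _matches_watchlist(hostname, watchlist):
            findings.append({
                "line": line_no,
                "hostname": hostname,
                "address": address,
                "sinkhole": address in SINKHOLE_ADDRESSES,
            })
    return findings


# Constructed sample hosts file: two sinkholed vendor domains and one
# redirected to an unrelated address, plus benign entries.
SAMPLE_HOSTS = """\
# constructed sample hosts file for the example
127.0.0.1       localhost
::1             localhost
192.0.2.10      intranet.corp.example
127.0.0.1       www.example-av-vendor.test   # redirected to local host
0.0.0.0         update.example-security.test
198.51.100.7    downloads.example-av-vendor.test
"""

if __name__ == "__main__":
    for f in find_hijacked_entries(SAMPLE_HOSTS):
        tag = "BLOCKED" if f["sinkhole"] else "REDIRECTED"
        print(f"line {f['line']}: {f['hostname']} -> {f['address']} [{tag}]")
```

On a real host the text would come from `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`, and the watchlist from the vendor domains the environment depends on; a legitimate hosts file almost never pins those domains, so any finding is worth a look, and a sinkhole finding is a strong indicator that updates are being blocked.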

Most antivirus suites now detect the Dorkbot malware. To prevent infection, Microsoft recommends caution when opening emails and instant messages from strangers, downloading software only from the developer's own site, and regularly running anti-malware software.
