Dorkbot (malware)

Not to be confused with the Dorkbot group of electronic art organizations.

Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook.

Functionality

Dorkbot’s backdoor functionality allows a remote attacker to exploit an infected system. According to an analysis by Microsoft, a remote attacker may be able to:[1]

Impact

A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.[1]

Prevalence

Between May and December of 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.[2]

History

On December 7, 2015, the FBI and Microsoft, in a joint task force, took down the Dorkbot botnet.[3]

Remediation

In 2015, the U.S. Department of Homeland Security advised the following action to remediate Dorkbot infections:[1]

References

  1. "TA15-337A: Dorkbot". National Cyber Awareness System, U.S. Department of Homeland Security. December 3, 2015.
  2. "Microsoft assists law enforcement to help disrupt Dorkbot botnets". Microsoft Malware Protection Center. December 3, 2015.
  3. "FBI, Microsoft and Computer Emergency Response Team Polska Takes Down Global DorkBot Malware Botnet". Geek Inspector. December 7, 2015.
This article is issued from Wikipedia - version of the Tuesday, January 19, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.