Europol and Microsoft disrupt Dorkbot botnet
A large number of organizations, including Microsoft, Europol, the FBI, ESET and the Polish CERT, have dealt a blow to the Dorkbot network. This IRC botnet has managed to infect more than a million systems since 2011.
Infections have come through Win32/Dorkbot variants, which have compromised a total of more than a million systems in 190 countries. Microsoft has been tracking Dorkbot's development since 2011. It is not entirely clear why the large-scale action was taken now, but Microsoft does say it observed 100,000 new infections in the past six months, so the fear of further growth may have prompted the action. The campaign involved Europol, Interpol, the FBI, ESET, Canadian, Albanian and Montenegrin authorities, and the Polish and US CERTs, among others.
The action was directed against Dorkbot's infrastructure. It is not clear whether any arrests have been made or how hard the blow was. Probably command-and-control servers have been taken offline. It is difficult to take botnets completely offline; usually there is still a chance that they will be brought back to life.
Dorkbot appears to be mainly active in Indonesia, India and Malaysia, although Microsoft's heatmap also shows many detections in Europe, the US and Brazil. Infections take place through NgrBot, a kit that malicious parties can purchase on underground forums. The kit consists of software and documentation on how to deploy the malware. Communication and file distribution between the management server and the compromised systems is via IRC.
The malware can be distributed via USB drives, chat networks, social networking sites, spam and exploit kits on websites. The malicious code then intercepts account information for a variety of services, including Facebook, Gmail, PayPal, Steam, Twitter and YouTube. Dorkbot may also be instructed by its administrator to block access to the sites of known security packages, so that antivirus software cannot be updated.
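Because the article says the bots talk to their management server over IRC, the most practical thing a defender can do with that fact is look for IRC client registration on flows that should not carry it. The script below is an added example, not code from the article or from any of the organizations it names, and it does not reproduce Dorkbot's real traffic. It assumes a simplified, constructed log format of `timestamp src_ip dst_ip dst_port payload` (one line per observed message) and uses the standard IRC command names from RFC 2812; the sample addresses and nicknames are made up for the demonstration. A flow that sends both `NICK` and `USER` has completed IRC registration, which is the signal it reports, and it additionally marks flows that do so on a port other than the usual IRC ports.

```python
"""Flag IRC-style command-and-control chatter in a simple network log.

Added example with constructed data; it is not Dorkbot's traffic and not the
article's code. Log format assumed: 'timestamp src_ip dst_ip dst_port payload'.
"""
from collections import defaultdict

# IRC client verbs from RFC 2812 that an ordinary workstation rarely emits.
IRC_VERBS = {"NICK", "USER", "JOIN", "PRIVMSG", "PONG", "MODE"}
# Seeing both registration verbs on one flow is the strongest single signal.
REGISTRATION = {"NICK", "USER"}
# Conventional IRC ports; registration elsewhere is worth a second look.
STANDARD_IRC_PORTS = {6667, 6697}

# Constructed sample log (documentation address ranges, made-up nicknames).
SAMPLE_LOG = """\
2015-12-03T10:00:01 10.0.0.5 203.0.113.7 6667 NICK bot123
2015-12-03T10:00:01 10.0.0.5 203.0.113.7 6667 USER abc 0 * :abc
2015-12-03T10:00:02 10.0.0.5 203.0.113.7 6667 JOIN #chan
2015-12-03T10:00:05 10.0.0.9 198.51.100.4 443 GET /index.html HTTP/1.1
2015-12-03T10:00:07 10.0.0.12 203.0.113.7 8080 NICK qwerty
2015-12-03T10:00:07 10.0.0.12 203.0.113.7 8080 USER q 0 * :q
2015-12-03T10:00:09 10.0.0.5 203.0.113.7 6667 PRIVMSG #chan :hello
"""


def parse_line(line):
    """Split one log line into its fields; return None for malformed lines."""
    parts = line.strip().split(" ", 4)
    if len(parts) != 5:
        return None
    ts, src, dst, port, payload = parts
    try:
        port = int(port)
    except ValueError:
        return None
    return {"ts": ts, "src": src, "dst": dst, "port": port, "payload": payload}


def irc_verb(payload):
    """Return the IRC command word at the start of a payload, or None."""
    tokens = payload.split()
    # Server-originated messages carry an optional ':prefix' before the verb.
    if tokens and tokens[0].startswith(":"):
        tokens = tokens[1:]
    if tokens and tokens[0].upper() in IRC_VERBS:
        return tokens[0].upper()
    return None


def find_irc_sessions(log_text):
    """Group lines per (src, dst, port) flow and report flows that register with IRC."""
    flows = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        verb = irc_verb(rec["payload"])
        if verb:
            flows[(rec["src"], rec["dst"], rec["port"])].add(verb)

    findings = []
    for (src, dst, port), verbs in sorted(flows.items()):
        if REGISTRATION <= verbs:
            findings.append({
                "src": src,
                "dst": dst,
                "port": port,
                "verbs": sorted(verbs),
                "nonstandard_port": port not in STANDARD_IRC_PORTS,
            })
    return findings


if __name__ == "__main__":
    for f in find_irc_sessions(SAMPLE_LOG):
        flag = " (non-standard port)" if f["nonstandard_port"] else ""
        print(f"{f['src']} -> {f['dst']}:{f['port']} verbs={','.join(f['verbs'])}{flag}")
```

On the sample, the HTTP flow is ignored and both IRC flows are reported; the one on port 8080 is marked as using a non-standard port. In a real deployment the parser would be swapped for whatever the sensor emits (proxy, NetFlow with payload, or IDS alerts), and the `NICK`/`USER` pairing would be combined with the destination's reputation rather than used alone, since legitimate IRC clients produce the same registration sequence.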
Most AV suites detect Dorkbot malware by now. To avoid infection, Microsoft recommends being careful when opening emails and chat messages from strangers, downloading software only from the developer's own site rather than from random sites, and regularly running anti-malware software.