Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook. It originated in 2015 and infected systems were variously used to send spam, participate in DDoS attacks, or harvest users' credentials.
Functionality
Dorkbot’s backdoor functionality allows a remote attacker to exploit infected systems. According to an analysis by Microsoft and Check Point Research, a remote attacker may be able to:
*Download and run a file from a specified URL;
*Collect login information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
*Block or redirect certain domains and websites (e.g., security sites).
Impact
A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.
Prevalence
Between May and December 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.
History
On December 7th, 2015, the FBI and Microsoft, in a joint task force, took down the Dorkbot botnet.
Remediation
In 2015, the U.S. Department of Homeland Security advised the following action to remediate Dorkbot infections:
*Use and maintain anti-virus software
*Change your passwords
*Keep your operating system and application software up-to-date
*Use anti-malware tools
*Disable AutoRun
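To check whether the "Disable AutoRun" advice is actually in effect on a Windows host, the following added example (not part of the original article or the DHS alert) decodes the `NoDriveTypeAutoRun` policy value as documented by Microsoft and reports which drive types can still AutoRun. The function names and sample values are constructed for illustration; when no policy value is set, the sketch reports every type as enabled and ignores any operating-system built-in defaults.

```python
# Added example: audit the Windows AutoRun policy (NoDriveTypeAutoRun).
# A SET bit DISABLES AutoRun for that drive type; 0xFF disables all types.
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no-root-dir",
    0x04: "removable",   # USB flash drives fall in this class
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

def read_policy():
    """Return (hklm, hkcu) policy values on Windows; None where absent."""
    import winreg  # Windows-only standard-library module
    found = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                found.append(winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0])
        except FileNotFoundError:
            found.append(None)
    return tuple(found)

def autorun_enabled_types(value):
    """Drive types whose AutoRun is NOT disabled by this policy value."""
    value = 0 if value is None else value  # assumption: no policy = nothing disabled
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]

def audit(hklm=None, hkcu=None):
    # When the HKLM value exists, Windows ignores the per-user HKCU value.
    effective = hklm if hklm is not None else hkcu
    enabled = autorun_enabled_types(effective)
    return {
        "effective": effective,
        "enabled_types": enabled,
        "removable_exposed": "removable" in enabled,
        "fully_disabled": effective is not None and effective & 0xFF == 0xFF,
    }

if __name__ == "__main__":
    # Constructed sample: the user hive is hardened, but the machine-wide
    # value 0x91 takes precedence and leaves removable drives exposed.
    print(audit(hklm=0x91, hkcu=0xFF))
    print(audit(hklm=0xFF))
```

On a Windows host, `audit(*read_policy())` applies the same check to the live registry values.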
See also
*Alert (TA15-337A)
*Code Shikara (Computer worm)
*Computer worm
*HackTool.Win32.HackAV
*Malware
*US-CERT