Dorkbot is a family of

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, de ...

worms Worms may refer to: *Worm, an invertebrate animal with a tube-like body and no limbs Places *Worms, Germany, a city ** Worms (electoral district) * Worms, Nebraska, U.S. *Worms im Veltlintal, the German name for Bormio, Italy Arts and entertai ...

that spreads through

instant messaging Instant messaging (IM) technology is a type of online chat allowing real-time text transmission over the Internet or another computer network. Messages are typically transmitted between two or more parties, when each user inputs text and trigge ...

USB drive A USB flash drive (also called a thumb drive) is a data storage device that includes flash memory with an integrated USB interface. It is typically removable, rewritable and much smaller than an optical disc. Most weigh less than . Since first ...

website A website (also written as a web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server. Examples of notable websites are Google, Facebook, Amazon, and Wikip ...

s or

social media Social media are interactive media technologies that facilitate the creation and sharing of information, ideas, interests, and other forms of expression through virtual communities and networks. While challenges to the definition of ''social me ...

channels like

Facebook Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dustin ...

. It originated in 2015 and infected systems were variously used to send spam, participate in DDoS attacks, or harvest users' credentials.

Functionality

Dorkbot’s backdoor functionality allows a remote attacker to exploit infected systems. According to an analysis by

Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...

and Check Point Research, a remote attacker may be able to: *Download and run a file from a specified URL; *Collect login information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or *Block or redirect certain domains and websites (e.g., security sites).

Impact

A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.

Prevalence

Between May and December 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.

History

On December 7th, 2015 the FBI and Microsoft in a joint task force took down the Dorkbot Botnet.

Remediation

In 2015, the

U.S. Department of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terr ...

advised the following action to remediate Dorkbot infections: *Use and maintain anti-virus software *Change your passwords *Keep your operating system and application software up-to-date *Use anti-malware tools *Disable AutoRun

References