Backdoor.IRCBot.Dorkbot

Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook. It originated in 2015, and infected systems were variously used to send spam, participate in DDoS attacks, or harvest users' credentials.


Functionality

Dorkbot's backdoor functionality allows a remote attacker to exploit infected systems. According to an analysis by Microsoft and Check Point Research, a remote attacker may be able to:
* Download and run a file from a specified URL;
* Collect login information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
* Block or redirect certain domains and websites (e.g., security sites).


Impact

A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.


Prevalence

Between May and December 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.


History

On December 7, 2015, the FBI and Microsoft, in a joint task force, took down the Dorkbot botnet.


Remediation

In 2015, the U.S. Department of Homeland Security advised the following action to remediate Dorkbot infections:
* Use and maintain anti-virus software
* Change your passwords
* Keep your operating system and application software up to date
* Use anti-malware tools
* Disable AutoRun


See also

* Alert (TA15-337A)
* Code Shikara (Computer worm)
* Computer worm
* HackTool.Win32.HackAV
* Malware
* US-CERT

