Dorkbot is a malware family that operates as a botnet. This botnet was sinkholed by the Polish authorities, working together with Microsoft and ESET.
Sinkholing is the process in which administrators set up a DNS server that returns false information about the domains used by the botnet. In this case, authorities and security companies set up DNS servers that gave infected computers false IP addresses for the botnet's command and control (C&C) servers, rendering it ineffective.
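An added example, not part of the original article: because a sinkholed botnet domain resolves to an address the defenders control, resolver logs show which internal machines are still trying to reach the C&C. The log format, domain names and sinkhole range below are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sinkhole range (RFC 5737 documentation block), an assumption.
SINKHOLE_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed resolver log: "<time> <client_ip> <query_name> <answer>"
SAMPLE_LOG = """\
2015-12-03T09:14:02Z 10.0.4.17 cc1.botnet-example.test. 192.0.2.5
2015-12-03T09:14:09Z 10.0.4.22 www.example.org. 203.0.113.80
2015-12-03T09:15:41Z 10.0.4.17 CC2.Botnet-Example.test 192.0.2.9
2015-12-03T09:16:00Z 10.0.7.3 cc1.botnet-example.test. 192.0.2.5
2015-12-03T09:16:30Z 10.0.7.9 mail.example.net. NXDOMAIN
truncated line
"""

def is_sinkholed(answer):
    """True if the answer is an IP address inside a known sinkhole range."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:          # NXDOMAIN, CNAME text, garbage
        return False
    return any(addr in net for net in SINKHOLE_NETS)

def find_infected_clients(log_text):
    """Map each client IP to the domains it resolved to a sinkhole address."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:    # skip malformed or truncated records
            continue
        _time, client, qname, answer = fields
        if is_sinkholed(answer):
            # Normalise case and the trailing root dot so names deduplicate.
            hits[client].add(qname.rstrip(".").lower())
    return dict(hits)

if __name__ == "__main__":
    for client, domains in sorted(find_infected_clients(SAMPLE_LOG).items()):
        print(client, ", ".join(sorted(domains)))
```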
Dorkbot is malicious software that was first seen in 2011 and was initially used to steal accounts on Twitter, Facebook, PayPal, Gmail, Netflix, eBay and other services.
The malware had spread to more than 190 countries via removable media and spam e-mail, but most often through social networks.
At first Dorkbot was only interested in hijacking accounts, but it later evolved and acquired additional functions that allowed it to download and install other threats on infected systems. Among them were the Kasidet malware, which could carry out DDoS attacks, and the Lethic spambot.
In addition to ESET, Microsoft and the Computer Emergency Response Team of Poland (CERT / PL), other organizations also helped in the fight against Dorkbot. These include Interpol, the FBI, the United States Department of Homeland Security and others.
According to information provided by Microsoft, at the time it was sinkholed Dorkbot was running on a network of 120,000 infected computers.
To help botnet victims, ESET offers a free tool that lets users scan their systems for Dorkbot and remove it.
Dorkbot | Version: 1.1.0.5 | Last updated: 2015-12-01 16:20:24