Το Dorkbot, είναι μια οικογένεια malware που λειτουργεί με μια δομή botnet. This particular botnet was sinkholed by Polish authorities who worked with Microsoft and ESET.
The sinkholing technique is the process where webmasters set up a DNS server that sends fake information about the domains used by the botnet. So authorities and security companies installed DNS servers that told infected computers false IPs for servers management and control (C&C servers) of the botnet, making it inefficient.
Dorkbot, is one malware first seen in 2011, and was originally used to hijack accounts on Twitter, Facebook, PayPal, Gmail, Netflix, eBay, and other services.
The malware had spread to more than 190 countries through removable media, spam e-mails, but most often, through social networks.
At first, Dorkbot was only interested in billing, but later evolved, and acquired additional functions that allowed him to download and install other threats to infected systems. Among these were the Kasidet malicious software that could run DDoS attacks and the Lethic spambot.
In addition to ESET, Microsoft and the Computer Emergency Response Team of Poland (CERT / PL), they helped other organizations fight Dorkboot. These include Interpol, the FBI, the US Department of Homeland Security,
According to the information provided by Microsoft, in the process of sinkholed, Dorkbot ran into an 120.000 network of infected computers.
To help botnet victims, ESET offers a free tool that allows users to crawl and remove Dorkbot from their systems.
| Dorkbot | DOWNLOAD Version: 1.1.0.5 Last updated: 2015-12-01 16:20:24 |
