Win32/Dorkbot botnet disrupted by Microsoft and law enforcement officials

Dave W. Shanahan

The Win32/Dorkbot botnet is malware that has infected more than 190 million computers worldwide. In conjunction with local law enforcement, Microsoft has managed to disrupt it. Microsoft didn’t explain exactly how it was able to disrupt Dorkbot, but it does give some tips on how to avoid infection. Dorkbot can spread to other computers through infected USB drives or through a malicious link sent via email or instant messaging, or posted on social networks.
According to Microsoft’s Malware Protection Center (MMPC), Win32/Dorkbot malware steals your usernames and passwords by following your online behaviors. Dorkbot can also download more malware onto an infected computer or laptop and stop you from accessing security-related websites. Some kinds of Dorkbot can also use your computer or laptop in Distributed Denial of Service (DDoS) attacks. A prime example of a DDoS attack would be the outages of Xbox Live and PSN Network last Christmas caused by Lizard Squad.

Figure: Microsoft’s Dorkbot machine detections map for the last three months

Microsoft indicated that the following websites are prime candidates for Dorkbot to steal usernames and passwords: AOL, eBay, Facebook, Gmail, GoDaddy, OfficeBanking, Mediafire, Netflix, PayPal, Steam, Twitter, Yahoo, and YouTube. Dorkbot also blocks you from accessing anti-virus and anti-malware programs and websites like: Avast, Bitdefender, F-Secure, Kaspersky, Malwarebytes, McAfee, Norton, Sophos, Trend Micro, and VirusTotal.
Microsoft gives advice to those looking to prevent or detect the security threat known as Dorkbot:

“Be cautious when opening emails or social media messages from unknown users. Be wary about downloading software from websites other than the program developers. Run anti-malware software regularly. Our real-time security software, such as Windows Defender for Windows 10 with up-to-date AV definitions, will ensure you have the latest protection against Dorkbot threats. Alternatively, standalone tools such as Microsoft Safety Scanner, and the Malicious Software Removal Tool (MSRT), can also detect and remove Dorkbot. Microsoft is also continuing the collaborative effort to help clean Dorkbot-infected computers by providing a one-time package with samples (through the Microsoft Virus Initiative) to help organizations in protecting their customers.”

Microsoft suggests that the best way you can keep your computer safe from Dorkbot is to stay up-to-date with the latest Windows 10 security updates. Microsoft’s Malware Protection Center will continue to try to disrupt and possibly stop Dorkbot until the next security threat arises.