Fighting back against Dorkbot

Dorkbot is a family of malware that was discovered in 2011 on a social media chat system, with users receiving a message with a bogus link that appeared to come from one of their friends on the platform. It has infected over a million computers in 190 countries. It is spread through USB flash drives, instant messaging programmes and social networks. It opens a backdoor on the infected computer, allowing remote access and potentially making it part of a botnet. It participates in DDoS attacks and delivers other types of malware. The primary sites Microsoft lists as targets for stealing user logins and passwords are AOL, eBay, Facebook, Gmail, GoDaddy, OfficeBanking, Mediafire, Netflix, PayPal, Steam, Twitter, Yahoo, and YouTube. LogMeIn, Brazzers, and YouPorn are also on the target list.

In December 2015, Europol’s European Cybercrime Centre (EC3) and Joint Cybercrime Action Taskforce (J-CAT), alongside INTERPOL, the Department of Homeland Security, the Federal Bureau of Investigation, the National Cyber Investigative Joint Taskforce – IC4 and law enforcement officials from across the world, including 5 EU Member States, Albania and Montenegro, partnered with Microsoft and other members of the private sector to disrupt Dorkbot.

Wil van Gemert, Europol’s Deputy Director Operations, said: “Botnets like Dorkbot have victimised users worldwide, which is why a global law enforcement team approach working with the private sector is so important. Europol is pleased to join forces with its law enforcement and private sector partners to defeat malicious botnets that have the potential to impact millions of victims.”

By following best practice guidelines, you can detect and remove this threat and other malicious software.

  • Run a full-system scan with an appropriate, up-to-date security solution.
  • Use and maintain anti-virus and anti-malware software.
  • Keep your operating system and application software up-to-date. Install software patches so cybercriminals cannot take advantage of known problems or vulnerabilities.
  • Be cautious when opening emails or social media messages from unknown users.
  • Be wary about downloading software from websites other than the program developer's.

If you have been infected, passwords could have been leaked, so they should be updated.