Microsoft, law enforcement disrupt Dorkbot botnet

Dorkbot steals login credentials for many online services

hacker
Credit: IDGNS

Microsoft said Thursday it aided law enforcement agencies in several regions to disrupt a four-year-old botnet called Dorkbot, which has infected one million computers worldwide.

The Dorkbot malware aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix.

It was first spotted around April 2011. Users typically get infected by browsing to websites that automatically exploit vulnerable software using exploit kits and through spam. It also has a worm functionality and can spread itself through through social media and instant messaging programs or removable media drives.

Microsoft didn't provide much detail on how Dorkbot's infrastructure was disrupted. The company has undertaken several such actions over the last few years in cooperation with law enforcement.

Coordinated actions to take botnet servers offline have an immediate impact, but the benefits can be short-lived. Cybercriminals often set up new hosting and command-and-control infrastructure and begin rebuilding the botnet by infecting new computers.

Microsoft said it worked with security vendor ESET, the Computer Emergency Response Team Polska, the Canadian Radio-television and Telecommunications Commission, the Department of Homeland Security’s U.S. Computer Emergency Readiness Team, Europol, the FBI, Interpol, and the Royal Canadian Mounted Police.

Cybercriminals have sold a kit that allows other bad actors to build botnets using Dorkbot. The kit, called NgrBot, is sold in underground online forums, Microsoft wrote in a blog post

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Related:
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.