Tag: dorkbot

CERT Polska has partnered together with Microsoft, ESET and law enforcement agencies including US-CERT/DHS, FBI, Interpol and Europol in activities aimed at disrupting of the Dorkbot malware family. This disruption – which includes sinkholing of the botnet’s infrastructure – took place yesterday. Dorkbot is a well-known family of malware, operating somewhat under the radar since 2011. Its main objective is to steal data (including credentials), disable security applications (such as antivirus programs), and to distribute other types of malware. According to early estimates, Dorkbot has infected at least one million PCs running Windows worldwide last year, with an average monthly infection size of about 100,000 machines. Polish users were among the targets.
Read more

Recently there have been numerous reports about a new malware spreading through Skype. Since a couple of days, CERT Polska has also been taking an active role in disabling the Dorknet worm. A Polish security portal Niebezpiecznik.pl (article in Polish) mentioned that it also targets Polish users. We acquired a sample of this malware (called “Dorkbot”). This dropper was detected by 28 out of 44 antivirus used by the VirusTotal service:
Read more