Tag: sinkhole

Dorkbot botnets disruption

Date of publication: 04/12/2015, CERT Polska

CERT Polska has partnered together with Microsoft, ESET and law enforcement agencies including US-CERT/DHS, FBI, Interpol and Europol in activities aimed at disrupting of the Dorkbot malware family. This disruption – which includes sinkholing of the botnet’s infrastructure – took place yesterday. Dorkbot is a well-known family of malware, operating somewhat under the radar since 2011. Its main objective is to steal data (including credentials), disable security applications (such as antivirus programs), and to distribute other types of malware. According to early estimates, Dorkbot has infected at least one million PCs running Windows worldwide last year, with an average monthly infection size of about 100,000 machines. Polish users were among the targets.
Read more

Virut botnet report

Date of publication: 21/02/2013, CERT Polska

At the end of January and the beginning of February 2013 NASK (Research and Academic Computer Network) — the .pl ccTLD Registry — and its security team CERT Polska took over 43 .pl domains used to control the Virut botnet and to spread malicious applications. As a result of this action, all traffic from infected computers to the Command and Control servers were redirected to the sinkhole server controlled by CERT Polska.
Read more