Dorkbot and associated Botnets Temporarily Disrupted

The world’s most widely proactive malware group Dorkbot and all of its associated Botnets have been disrupted.

This disruption was made possible by the combined efforts of international law enforcement agencies with the support of prominent security and technology companies including Microsoft.

According to Wil van Gemert, the Europol deputy director of operations who was part of the take-down team, the reason behind this operation was that “Botnets like Dorkbot have victimized users worldwide, which is why a global law enforcement team approach working with the private sector is so important.”

If you are unaware about Dorkbot then let us inform you about it.

Dorkbot:

Dorkbot is a malicious malware, which firstly appeared in 2011.

It infects a PC and lets hackers install additional malicious software along with launching DDoS attacks and hack confidential data for sending spam emails.

It utilizes Internet Relay Chat for C&C purposes.

Dorkbot is sold as crimeware toolkit called “NgrBot” on cybercrime forums.

NgrBot includes Bot-building kits and also extensive documentation.

The malware is designed to steal credentials and passwords of social media accounts

It also installs malware that can transform infected endpoints into nodes

As per Europol authorities, only in 2013 this malware infected more than 1million computers worldwide across 190 different countries.

Europol works with international partners to target Dorkbot Botnet https://t.co/4F6jGqG9OL @EC3Europol @FBI @DHSgov & more

— Europol (@Europol) December 4, 2015

The command-and-control servers of the malware were “sinkholed” by the team on Dec 3.

However, officials aren’t sure for how long this disruption will be sustained because of the probability of malware developer releasing updated version to new C&C servers.

This is being speculated because previously when the authorities sinkholed the related domains of the malware, it again reemerged and sold on several forums.

The latest campaign to eliminate Dorkbot was conducted with the cooperation of law enforcement agencies from all over the world including the Department of Homeland Security’s Computer Emergency Readiness Team and FBI from the US, the Royal Canadian Mounted Police, Europol and the Interpol.

This is the second joint operation conducted by law enforcement authorities in Europe. In March 2015, cyber police from Germany, Italy, Netherlands and the United Kingdom shut down world’s biggest ever botnets at that time known as Ramnit.

The Ramit malware was so dangerous that according to researchers it compromised more than 3.2 million Microsoft Windows-based PCs. At the time of shutting down the botnet was active in 350,000 computers worldwide.