The FBI, Interpol and Microsoft Take Down Dorkbot
Posted by: Timothy Weaver on 12/08/2015 09:15 AM
[
Comments
]
Microsoft, CERT.PL and ESET, along with a coalition of law enforcement agencies, took down a ring of over 1 million computers infected with the Dorkbot botnet.
According to an Interpol statement, the coordinated effort “resulted in the takedown of the botnet's main servers and data channels.”
The coalition of law enforcement agencies included the FBI, the Department of Homeland Security, Europol, Interpol, and the Royal Canadian Mounted Police, Canadian Radio-television and Telecommunications Commission, the Russian Ministry of Interior Department K, the Indian Central Bureau of Investigation, and the Turkish National Police.
The spread of the malware was discovered in 2012 when at started being spread by a phishing campaign that spread the malware to Skype users through phony Skype IMs. Trend Micro wrote in a blog post that Dorkbot (also known as NgrBot) was being used to launch DDoS attacks, steal website login information, and download malware.
The malware steals usernames and passwords and, according to Microsoft, Dorkbot was found on approximately 100,000 computers per month over the past six months. Once a computer is infected, it is then instructed to download other malware or spread to other computers. In some cases, entire websites were compromised, and delivered the malware to web visitors.
Source: SCMagazine
According to an Interpol statement, the coordinated effort “resulted in the takedown of the botnet's main servers and data channels.” The coalition of law enforcement agencies included the FBI, the Department of Homeland Security, Europol, Interpol, and the Royal Canadian Mounted Police, Canadian Radio-television and Telecommunications Commission, the Russian Ministry of Interior Department K, the Indian Central Bureau of Investigation, and the Turkish National Police.
The spread of the malware was discovered in 2012 when at started being spread by a phishing campaign that spread the malware to Skype users through phony Skype IMs. Trend Micro wrote in a blog post that Dorkbot (also known as NgrBot) was being used to launch DDoS attacks, steal website login information, and download malware.
The malware steals usernames and passwords and, according to Microsoft, Dorkbot was found on approximately 100,000 computers per month over the past six months. Once a computer is infected, it is then instructed to download other malware or spread to other computers. In some cases, entire websites were compromised, and delivered the malware to web visitors.
Source: SCMagazine
Comments
