Law enforcement agencies from around the globe, aided by Microsoft security researchers, have today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot. This malware family has infected more than one million PCs in over 190 countries.
Dorkbot spreads through USB flash drives, instant messaging programs, and social networks. It steals user credentials and personal information, disables security protection, and distributes several other prevalent malware families.
The Microsoft Malware Protection Center (MMPC) and the Microsoft Digital Crimes Unit (DCU) led the analysis of the Dorkbot malware in partnership with ESET and Computer Emergency Response Team Polska (CERT Polska, NASK).
We activated a Coordinated Malware Eradication (CME) campaign, performed deep research, and provided telemetry to partners and law enforcement such as CERT Polska, ESET, the Canadian Radio-television and Telecommunications Commission (CRTC), the Department of Homeland Security’s United States Computer Emergency Readiness Team (DHS/USCERT), Europol, the Federal Bureau of Investigation (FBI), Interpol, and the Royal Canadian Mounted Police (RCMP), to help take action against Dorkbot infrastructure.
The MMPC has closely monitored Dorkbot since its discovery in April 2011 and released our research in the following blogs:
- MSRT March 2012: Breaking bad
- An analysis of Dorkbot's infection vectors (part 1)
- An analysis of Dorkbot's infection vectors (part 2)
Our real-time security software, such as Windows Defender for Windows 10, and standalone tools, such as Microsoft Safety Scanner and the Malicious Software Removal Tool (MSRT), can detect and remove Dorkbot. It’s important to keep your security software up-to-date to ensure you have the latest protection...
Read more: Microsoft assists law enforcement to help disrupt Dorkbot botnets (Microsoft Malware Protection Center, TechNet Blogs)