The Dorkbot botnet has been disrupted by an operation that brought together law enforcement agencies, led by the FBI, Interpol and Europol, and various infosec firms.
The Dorkbot infrastructure, including command and control servers in Asia, Europe, and North America, has been knocked sideways and domains seized, with the latter affecting the ability of crooks to control compromised computers. Infected Windows PCs will still need to be cleaned up, however.
Dorkbot has been doing the rounds for more than four years, essentially since April 2011.
Security firms, including ESET, shared technical analysis of Dorkbot.
The information included the domains and internet addresses of the botnet’s command and control servers, vital intelligence for the subsequent takedown operation. Microsoft and CERT.PL also assisted in the disruption effort.
Dorkbot is a well-established botnet distributed via various channels, such as social networks, spam, removable media and exploit kits. The malware is a password-stealer targeting popular web services, such as Facebook and Twitter.
Dorkbot typically installs secondary malware on compromised machines. Favourite flavours include Kasidet (AKA Neutrino bot), which is used to conduct DDoS attacks, and Lethic, a well-known spambot.
Unwitting conduits for spreading the infection included celebrity cook Jamie Oliver's website back in February. ®