Press Center

Malware and antivirus software

News

ESET Helps To Disrupt “Dorkbot” - Major Botnet Malware

Created: 2015-12-04 00:00:00

ESET took part in a global operation to uncover malware affecting more than a million computers.

The operation by law enforcement agencies around the globe led by the FBI, Interpol and Europol disrupted the Dorkbot infrastructure, including Command and Control servers in Asia, Europe, and North America. What’s more, the operation has led to the seizure of domains, thus disrupting the botnet operators’ capacity to control their victims’ computers.

 

“To make the internet safer and protect our users, we have contributed to the disruption efforts. In the case of Dorkbot, ESET shared technical analyses and statistical information about the malware and provided the domains and internet addresses of the botnet’s command and control servers,” said Jean-Ian Boutin, Malware Researcher at ESET.

 

Dorkbot is a well-established botnet based on Win32/Dorkbot malware that is distributed via various channels, such as social networks, spam, removable media and exploit kits. Once installed on the machine, it will try to disrupt the normal operation of security software by blocking access to its update servers and will then connect to an IRC server to receive further commands.

Besides being a password stealer targeting popular services such as Facebook and Twitter, Dorkbot typically installs code from one of several other malware families soon after it gains control of a given system. Notably, Win32/Kasidet, malware used to conduct DDoS attacks also known as Neutrino bot, and Win32/Lethic, a well-known spambot, are regularly dropped by Dorkbot onto compromised systems.

 

“As we’ve seen thousands of detections every week coming from almost all parts of the world and there are fresh samples arriving daily, Dorkbot seemed like a viable target for a disruption effort,” commented Jean-Ian Boutin.

 

ESET products currently protect their users against thousands of variations of Dorkbot modules, along with many other forms of malware distributed by the Dorkbot botnets. Internet users who believe that their system might be infected by Dorkbot can make use of ESET’s free tool to run a thorough scan.

You can find more information about the Dorkbot and how it was neutralized in a dedicated article by Jean-Ian Boutin at WeLiveSecurity, ESET’s official blog on (not only) security. For more updates follow hashtag #Dorkbot on social media.

 


 

About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit www.eset.sg or follow us on Facebook and Twitter.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Version 2 Singapore Pte Ltd is the local office of Version 2 Limited.
For more information, please visit www.version-2.com.sg or call (65) 6296-4268.

Why ESET?

ESET has over 25 years' experience of helping people to Enjoy Safer Technology. Our software is light on hardware, but hard on malware.

Our Technology

ESET’s award-winning NOD32® Antivirus technology is at the cutting edge of digital security. It’s updated daily to keep you secure.

Free Support

Enjoy your free, industry-leading customer support locally. For technical, sales and marketing enquires dial +65 6296 4268.