DorkBots – That’s all we need

 In ITC's Threat of the Week

Microsoft and the US-CERT have put out advisories concerning a piece of persistent malware that has apparently infected over 1 million PCs over the last year in 190 countries.

It seems that this Dorkbot malware is very sneaky, not just because it appears to have evaded many off-the-shelf antivirus packages, but because it is like the Swiss army penknife of malware, with the following fold-out tools:

  • Steal your passwords and bank details (obvs)
  • Be used as part of a Distributed Denial of Service (DDoS) attack
  • Distribute even nastier malware to the infected machine
  • Download and run files from a URL
  • Block or redirect certain sites (like Anti Virus vendor download sites!!)
  • Send Spam email

The malware is spread in the usual ways – malicious websites, phishing emails and removable media. So all of our recommendations about education, education, education hold true: remind people to be vigilant.

The usual recommendations for mitigation (and avoidance) are:

  • Keep your AV up to date
  • Change your online passwords (from another machine) if you have even a sniff of infection
  • Keep patched (yes, we know it’s boring, but has to be done)
  • Use anti-malware tools – we like Malwarebytes (www.malwarebytes.org) – you have to be careful to run the free version, otherwise the install starts up as a trial of the full version…
  • Disable Autorun – to stop infection from removable media
  • Consider running the Microsoft security scanner (http://www.microsoft.com/security/scanner/en-us/default.aspx)
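
For the "Disable Autorun" item above, here is one way to check and set the Windows policy value. This is an added example, not part of the original post or ITC's tooling; it assumes the standard `NoDriveTypeAutoRun` policy value, and the `-Enforce` switch and `Get-AutorunPolicy` function name are made up for this example.

```powershell
# Added example: audit and optionally enforce the Autorun policy value.
# Run with -Enforce from an elevated prompt to write the machine-wide value.
param([switch]$Enforce)   # -Enforce is a switch name chosen for this example

# NoDriveTypeAutoRun is a bitmask: a set bit DISABLES Autorun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}
$SubKey      = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AllDisabled = 0xFF   # every bit set: Autorun off for all drive types

function Get-AutorunPolicy {
    param([string]$Hive)
    $path  = "${Hive}:\$SubKey"
    $entry = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $entry) {
        # Key or value missing: no policy is configured in this hive.
        return [pscustomobject]@{ Path = $path; Value = 'not set'; StillEnabledFor = 'Windows default applies' }
    }
    $value   = $entry.NoDriveTypeAutoRun
    # Drive types whose bit is clear still have Autorun enabled.
    $enabled = @($DriveTypeBits.GetEnumerator() |
        Where-Object { ($value -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key })
    $summary = 'none'
    if ($enabled.Count -gt 0) { $summary = $enabled -join ', ' }
    [pscustomobject]@{ Path = $path; Value = ('0x{0:X2}' -f $value); StillEnabledFor = $summary }
}

if ($Enforce) {
    $machinePath = "HKLM:\$SubKey"
    # Create the key only if it is missing, so existing policy values are left alone.
    if (-not (Test-Path $machinePath)) { New-Item -Path $machinePath -Force | Out-Null }
    New-ItemProperty -Path $machinePath -Name NoDriveTypeAutoRun `
        -PropertyType DWord -Value $AllDisabled -Force | Out-Null
}

# Report the machine-wide and per-user settings side by side.
'HKLM', 'HKCU' | ForEach-Object { Get-AutorunPolicy -Hive $_ } | Format-Table -AutoSize
```

If "Removable" shows up in the StillEnabledFor column, Autorun is still on for removable media on that machine.
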

Or of course, do the right thing, throw your PC in the bin and get yourself a Mac.

The Microsoft details on the Dorkbot saga are here:

ITC’s NetSure360° Managed Security Service includes tools to identify infected machines, machines with out of date antivirus and can deal with them automatically before they can do any damage.

If you would like a demonstration, a chat about it or a shoulder to cry on, please contact us at:
020 7517 3900 or [email protected]

Author: Kevin Whelan
