Microsoft, in cooperation with a number of law enforcement agencies around the world, managed to disrupt a botnet that’s infected over a million PCs across more than 190 countries.
First discovered in April 2011, Dorkbot is an IRC-based botnet that has been commercialized by its creator and is readily available for purchase on underground online forums as NgrBot. The malware relies on USB drives, social networks, IM clients, spam and drive-by downloads for distribution.
It’s most often used to steal login credentials for many of today’s top sites and services including AOL, eBay, Facebook, Gmail, Godaddy, Netflix, PayPal, Steam, Twitter, Yahoo and YouTube.
Over the past six months, Microsoft said it detected Dorkbot on roughly 100,000 systems each month with the majority of infections spotted internationally.
Microsoft said it worked with CERT Polska, ESET, the Canadian Radio-television and Telecommunications Commission, the Department of Homeland Security’s United States Computer Emergency Readiness Team, Europol, the Federal Bureau of Investigation, Interpol and the Royal Canadian Mounted Police to disrupt the botnet.
Details on exactly what actions were taken to disrupt Dorkbot weren’t mentioned.
The US Computer Emergency Readiness Team (CERT) advises those that have been infected to use and maintain anti-virus software, change passwords, keep operating system and application software up-to-date, use anti-malware tools and disable Windows Autorun.