OIT Tech 32px

Personal/Identity

Passphrase

Lock Computer

Phishing

Email Headers

Market Research as Potential Spyware

End User License Agreements (EULAs)

 

 

 

Desktop

Internet

Address Certifications & Validations

Browser Security

Concealed Web Addresses

Drive By Downloads

Email Headers

Phishing

 

 

 

 

Mobile

OIT Security

Data and Compliance Best Practices

Business Continuity and Disaster Planning

Kuali

Risk Assessment

Training Materials

Report a Security Incident:
Form Here

Information Security Issues?

Call
740.566.SAFE
Email: security@ohio.edu

Two-step verification is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and code sent to or generated by your mobile device. Examples of services that support two-step verification include Gmail, Dropbox and Twitter.

Read More

SANS Institute Security Awareness Tip of the Day Feb 12

Original release date: December 03, 2015

Systems Affected

Microsoft Windows

Overview

Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims computers. According to Microsoft, the family of malware used in this botnet has infected more than one million personal computers in over 190 countries over the course of the past year. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and Microsoft, is releasing this Technical Alert to provide further information about Dorkbot.

Description

Dorkbot-infected systems are used by cyber criminals to steal sensitive information (such as user account credentials), launch denial-of-service (DoS) attacks, disable security protection, and distribute several malware variants to victims computers. Dorkbot is commonly spread via malicious links sent through social networks instant message programs or through infected USB devices.

In addition, Dorkbots backdoor functionality allows a remote attacker to exploit infected system. According to Microsofts analysis, a remote attacker may be able to:

  • Download and run a file from a specified URL;
  • Collect logon information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
  • Block or redirect certain domains and websites (e.g., security sites).

Impact

A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.

Solution

Users are advised to take the following actions to remediate Dorkbot infections:

  • Use and maintain anti-virus software Anti-virus software recognizes and protects your computer against most known viruses. Even though Dorkbot is designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of Dorkbot, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)
  • Change your passwords Your original passwords may have been compromised during the infection, so you should change them. (See Choosing and Protecting Passwords for more information.)
  • Keep your operating system and application software up-to-date Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)
  • Use anti-malware tools Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (see example below) to help remove Dorkbot from their systems.
  • Disable Autorun Dorkbot tries to use the Windows Autorun function to propagate via removable drives (e.g., USB flash drive). You can disable Autorun to stop the threat from spreading.

Microsoft

http://www.microsoft.com/security/scanner/en-us/default.aspx

The above example does not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

References

Revision History

  • December 3, 2015: Initial Publication

This product is provided subject to this Notification and this Privacy & Use policy.


Read More

US-CERT Alerts Dec 03

Internet Storm Center Infocon Status