Market Research as Potential Spyware
End User License Agreements (EULAs)
Address Certifications & Validations
Concealed Web Addresses
Drive By Downloads
Data and Compliance Best Practices
Business Continuity and Disaster Planning
Never give your password to someone over the phone. If someone calls you and asks for your password while saying they are from the Help Desk or Tech Support team, it is an attacker attempting to gain access to your account.
Original release date: December 03, 2015
Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims computers. According to Microsoft, the family of malware used in this botnet has infected more than one million personal computers in over 190 countries over the course of the past year. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and Microsoft, is releasing this Technical Alert to provide further information about Dorkbot.
Dorkbot-infected systems are used by cyber criminals to steal sensitive information (such as user account credentials), launch denial-of-service (DoS) attacks, disable security protection, and distribute several malware variants to victims computers. Dorkbot is commonly spread via malicious links sent through social networks instant message programs or through infected USB devices.
In addition, Dorkbots backdoor functionality allows a remote attacker to exploit infected system. According to Microsofts analysis, a remote attacker may be able to:
A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.
Users are advised to take the following actions to remediate Dorkbot infections:
The above example does not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.