Monday, December 7, 2015

Polish experts helped neutralize malicious software – Virtual Poland

Polish experts from CERT Poland, working with the FBI and Interpol, helped take down the Dorkbot botnet, malware that this year alone has infected at least one million Windows devices around the world.
 

The Dorkbot botnet, a network of infected computers, had operated since 2011. Cybercriminals used it, among other things, to steal people's credentials, turn off antivirus software, and distribute other malicious software. Among Polish users it spread via Skype. In addition to instant messaging, Dorkbot also used social networks and USB media to infect machines. Part of the infrastructure used to manage the botnet was located in Poland.
 

"The greatest danger associated with the operation of Dorkbot was its use as a platform to distribute other cyber threats. Estimating the actual number of infected computers will be possible after a detailed analysis of the entire threat, but according to preliminary estimates the scale of infection in Poland was not significant," said Piotr Kijewski, head of CERT Poland. He added that his team informed Polish users about the threat in the autumn of 2012.
 

To neutralize Dorkbot, an international consortium was set up, headed by Microsoft. Besides CERT Poland, it included ESET, the US-CERT team operating within the United States Department of Homeland Security, the FBI, Interpol, Europol and other law enforcement agencies. The consortium's efforts to eliminate the threat culminated in the destabilization of the botnet. As a result, the malware's management infrastructure was taken down, and all traffic generated by Dorkbot was redirected to designated IP addresses, where it will be captured and examined.
 

As part of this cooperation, CERT Poland experts analyzed the malware and provided information on how it operates. They also handed over telemetry data on existing viruses and took part in consultations on the direction of the activities.
 

A botnet is a network of infected computers (also called zombie PCs, or bots) that carry out cybercriminals' orders. Botnets are usually used for so-called DDoS attacks, which block access to Internet services such as a bank, an auction website or an online store; to distribute unsolicited email (spam); to steal confidential data; and to withdraw funds from electronic banking accounts.
 

CERT Poland has operated within the Research and Academic Computer Network (NASK) for 19 years and monitors cyber security risks to Internet users in Poland. It also regularly prepares a report summarizing threats on the Internet in a given year.
