Microsoft helps FBI and others to shut down Dorkbot botnet servers that affected millions of PCs


The United States Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), in conjunction with Microsoft, have managed to “disrupt” Dorkbot botnets, the vicious programs that affected over 100,000 machines across over 190 countries each month.

In a blog post, the company noted that, working in coordination with these security agencies and organisations, it was able to take the botnet servers offline. The company further noted that it worked with security vendor ESET, the Canadian Radio-television and Telecommunications Commission, the Computer Emergency Response Team Polska, Europol, Interpol, and the Royal Canadian Mounted Police to claim the victory.

The programs, which performed DDoS attacks and spread different kinds of malware, stole user logins and passwords for several widely used products and services, including Facebook, Twitter, Gmail, Netflix, PayPal and LogMeIn, among others. The botnets were first reported in 2011.

These programs infected Web browsers and exploited vulnerable software using exploit kits and through spam. The malware spread through USB drives, social networks, instant messenger clients and by other means.

“Once connected to the C&C server,” Microsoft wrote, “Dorkbot may be instructed to block certain security websites by blocking access to them. It does this through the hooked DnsQuery API in the IRC module.”

This is far from a happy ending: the company insists that cybercriminals are migrating and setting up new strategies to affect more computers. But the fact that the good guys managed to get hold of the largely publicly known botnet servers means that the bad guys aren’t undefeatable.

The company has the following advice to share: “Be cautious when opening emails or social media messages from unknown users. Be wary about downloading software from websites other than the program developers. Run antimalware software regularly. Our real-time security software, such as Windows Defender for Windows 10 with up-to-date AV definitions, will ensure you have the latest protection against Dorkbot threats. Alternatively, standalone tools such as Microsoft Safety Scanner, and the Malicious Software Removal Tool (MSRT), can also detect and remove Dorkbot.”

“Microsoft is also continuing the collaborative effort to help clean Dorkbot-infected computers by providing a one-time package with samples (through the Microsoft Virus Initiative) to help organizations in protecting their customers.”
