December 7, 2015 By Douglas Bonderud 2 min read

Score one for the good guys: A collaborative effort from the FBI and Interpol, along with vendors like Microsoft and security agencies such as the Computer Emergency Response Team (CERT) Polska and the Department of Homeland Security’s US-CERT, has taken down a collection of over 1 million computers infected by the Dorkbot malware botnet, according to SC Magazine. It’s been four years in the making, but progress may finally be ahead in the fight against widespread malicious code.

Damaging Dorkbot

As noted by CSO Online, Dorkbot was first discovered in April 2011. But real notoriety didn’t come until October 2012, when security researchers at GFI Software announced the malware was being spread to Skype users through phony Skype IMs. The malware is designed to steal login credentials for online services like Gmail, Facebook, PayPal and Netflix and usually infects computers through websites running exploit kits or spam sent via email.

Once a computer is compromised, Dorkbot relies on worm functionality to spread via social media, instant messaging or even removable drives. More recently, an exploit kit called NgrBot began popping up on underground marketplaces, which allowed users to create large-scale botnets. Apparently, that was the tipping point, and it was worrisome enough that law enforcement, vendors and security agencies were willing to put aside their differences and go after the rapidly expanding dork network.

Old Problems, New Ground?

While the takedown of more than 1 million bots is good news, the CSO article rightly pointed out that the effects are often temporary. In a few weeks or month, malware creators are back in action with new command-and-control (C&C) servers and an updated version of their software.

According to Canadian news agency CBC, however, the winds of cyber change may be blowing. In Toronto, the Canadian Radio-television and Telecommunications Commission (CRTC) issued the first-ever warrant under the federal government’s antispam legislation. The CRTC was able to show that the Toronto-based server “acted as a command-and-control point for the Win32/Dorkbot malware,” obtain the warrant and take down the hardware as part of the joint Dorkbot effort.

Here’s where things get promising. Sure, malware-makers can simply spin up a new server somewhere, but if other countries are willing to follow the Canadian example and start cracking down on malicious actors and C&C centers before they do significant harm, it may be possible to force cybercriminals’ hand. This would put them on the run instead of giving them the run of user computers and corporate networks.

Bottom line? Taking down a Dorkbot botnet, even one running on one million-plus computers, isn’t the end game here but just a solid first move. Improved collaboration across industries and agencies is a positive step forward but the real move here is hitting bad guys where they live: It’s time to turn ground zero for botnets into a risky bet for any would-be malware makers.

More from

Third-party access: The overlooked risk to your data protection plan

2 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors.The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In this…

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today