December 7, 2015 By Douglas Bonderud 2 min read

Score one for the good guys: A collaborative effort from the FBI and Interpol, along with vendors like Microsoft and security agencies such as the Computer Emergency Response Team (CERT) Polska and the Department of Homeland Security’s US-CERT, has taken down a collection of over 1 million computers infected by the Dorkbot malware botnet, according to SC Magazine. It’s been four years in the making, but progress may finally be ahead in the fight against widespread malicious code.

Damaging Dorkbot

As noted by CSO Online, Dorkbot was first discovered in April 2011. But real notoriety didn’t come until October 2012, when security researchers at GFI Software announced the malware was being spread to Skype users through phony Skype IMs. The malware is designed to steal login credentials for online services like Gmail, Facebook, PayPal and Netflix and usually infects computers through websites running exploit kits or spam sent via email.

Once a computer is compromised, Dorkbot relies on worm functionality to spread via social media, instant messaging or even removable drives. More recently, an exploit kit called NgrBot began popping up on underground marketplaces, which allowed users to create large-scale botnets. Apparently, that was the tipping point, and it was worrisome enough that law enforcement, vendors and security agencies were willing to put aside their differences and go after the rapidly expanding dork network.

Old Problems, New Ground?

While the takedown of more than 1 million bots is good news, the CSO article rightly pointed out that the effects are often temporary. In a few weeks or month, malware creators are back in action with new command-and-control (C&C) servers and an updated version of their software.

According to Canadian news agency CBC, however, the winds of cyber change may be blowing. In Toronto, the Canadian Radio-television and Telecommunications Commission (CRTC) issued the first-ever warrant under the federal government’s antispam legislation. The CRTC was able to show that the Toronto-based server “acted as a command-and-control point for the Win32/Dorkbot malware,” obtain the warrant and take down the hardware as part of the joint Dorkbot effort.

Here’s where things get promising. Sure, malware-makers can simply spin up a new server somewhere, but if other countries are willing to follow the Canadian example and start cracking down on malicious actors and C&C centers before they do significant harm, it may be possible to force cybercriminals’ hand. This would put them on the run instead of giving them the run of user computers and corporate networks.

Bottom line? Taking down a Dorkbot botnet, even one running on one million-plus computers, isn’t the end game here but just a solid first move. Improved collaboration across industries and agencies is a positive step forward but the real move here is hitting bad guys where they live: It’s time to turn ground zero for botnets into a risky bet for any would-be malware makers.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today