Monday, December 7, 2015

Week 2 - Microsoft Leads Effort To Disrupt Dorkbot Botnet

Researchers from Microsoft’s Malware Protection Center and Digital Crimes Unit teamed up with counterparts at ESET and CERT Polska to provide detailed information and telemetry on Dorkbot to law enforcement in the US, Canada, and Europe. US-CERT, the FBI, Interpol, and the Royal Canadian Mounted Police all worked on the case.

Dorkbot is malware that has infected more than 1 million computers worldwide. It is used to steal passwords and personal information from people logging into sites like Facebook, Gmail, Netflix, PayPal, Twitter, and YouTube. It works by disabling security software on a system and blocking access to the security websites that update the software. Once on a system, Dorkbot connects via IRC to a remote command and control server and downloads other malware onto it. Compromised systems become part of large Dorkbot botnets used in denial-of-service attacks and for spam distribution.

Microsoft’s Coordinated Malware Eradication campaign is an effort to get security vendors, researchers and other stakeholders to pool their resources and information in coordinated, large-scale anti-malware campaigns. The company has said that it is only through coordinated efforts that the industry has a chance to deter destructive malware campaigns.

The combined efforts of the teams listed in this article are a great example of what we're capable of against hackers. It seems as if only hacks and security breaches against major corporations are reported in the mainstream media and not stories like these. IT Security Professionals and organizations catch a lot of flak for not "doing their jobs" and stopping these attacks, but it's not as easy as it sounds, especially when they're going up against intelligent hackers and rapidly evolving technologies. I'm confident that although we may not hear about stories like these on a daily basis, teams and organizations are working diligently to keep our networks safe.

References
http://www.darkreading.com/vulnerabilities---threats/microsoft-leads-effort-to-disrupt-dorkbot-botnet/d/d-id/1323429?
