Monday, 8 February 2016

'Dorkbot' Strikes Again!

Cyber security investigators have put Indian internet users on high alert against the malicious activities of an online virus called 'Dorkbot'. It executes itself through various social networking sites and steals a user's sensitive personal data and passwords. Recently, this variant of online virus and worm has been observed affecting Windows operating systems.

According to research by the eScan team, this malware has backdoor functionality and spreads through several vectors: drive-by-download attacks, social networking sites, compromised websites with browser exploits, removable drives in the form of auto-run exploits, and malicious links in instant messaging chats.

What is Dorkbot capable of?
This malware is capable of stealing data from an infected machine, including stored passwords, browser data and cookies, and also has the dangerous potential to take complete control of the affected system.
The cyber security agency said that the malware can hide itself by over-writing, can collect system information such as OS details, user privileges and applications installed on the system, and can give the culprit remote access to the affected machine.
It destroys and infects a system by acquiring fake identities of Facebook, Skype or other platforms, and increases the possibility of a potential virus attack.
The eScan team also added that this malware injects its code into files like cmd.exe, ipconfig.exe, regedit.exe, regsvr32.exe, rundll32.exe, verclsid.exe and explorer.exe to conceal itself from detection by anti-virus solutions. Users can deploy some counter-measures to guard against the 'Dorkbot' malware.

Tips for Consumers:
Users can delete the system changes made by the malware, such as the files it creates, and set the Internet and local intranet security zones to 'High' in order to block ActiveX controls and Active Scripting.
Scanning the infected system with an updated anti-virus solution, eliminating shared or group accounts and refraining from visiting untrusted websites can also help.
Do not download or open attachments in emails received from unknown sources.
Companies and consumers should enforce a strong password policy and change passwords regularly.
The USB Vaccination feature of various eScan products plays a vital role in preventing USB devices from becoming a source of infection.
The 'vaccine' applied to removable USB devices can prevent malware from affecting the system.
A USB drive, once inoculated with the help of these features, can be protected from infection by all sorts of malware and Trojans.