The topic of this article may not meet Wikipedia's general notability guideline. (January 2018)
Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook. It originated in 2015 and infected systems were variously used to send spam, participate in DDoS attacks, or harvest users' credentials.
- Download and run a file from a specified URL;
- Collect logon information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
- Block or redirect certain domains and websites (e.g., security sites).
Between May and December 2015, the Microsoft Malware Protection Center detected Dorkbot on an average of 100,000 infected machines each month.
On December 7th, 2015 the FBI and Microsoft in a joint task force took down the Dorkbot Botnet.
- Use and maintain anti-virus software
- Change your passwords
- Keep your operating system and application software up-to-date
- Use anti-malware tools
- Disable AutoRun
- "TA15-337A: Dorkbot". National Cyber Awareness System:, U.S. Department of Homeland Security. December 3, 2015.
- "dorkbot-an-investigation: Dorkbot". Check Point Research. February 4, 2018.
- "Microsoft assists law enforcement to help disrupt Dorkbot botnets". Microsoft Malware Protection Center. December 3, 2015.
- "FBI, Microsoft and Computer Emergency Response Team Polska Takes Down Global DorkBot Malware Botnet". Geek Inspector. December 7, 2015.