Cyber security investigators have announced high alert to the Indian internet users against the malicious activities of an online virus called 'Dorkbot'. It executes itself through various social networking sites and steals sensitive personal data and passwords of a user. Recently this variant of online virus and worm has been observed to be affecting Windows operating systems.
According to a research by eScan team, this malware possesses backdoor functionality and spreads through different vectors like drive-by-download attacks, social networking sites and compromised websites with browser exploits via removable drives in the form of auto-run exploits or by means of malicious links in instant messaging chats.
What Dorkbot is capable of?
This malware is capable of stealing data from infected machine including stored passwords, browser data, cookies and also has a dangerous potential to take complete control of the affected system.
•The cyber security agency in this aspect said that the malware can hide itself by over-writing, can collect system information like OS information, user privileges or apps installed on the system and also can act to help remote access of the affected machine to the culprit.
eScan team also added that this malware injects its code into files like cmd.exe, ipconfig.exe, regedit.exe, regsvr32.exe, rundll32.exe, verclsid.exe and explorer.exe to conceal itself from detecting by any anti-virus solutions. There can be some counter-measures for users to deploy and guard against 'dorkbot' malware.
Tips for Consumers:
•Users can delete the system changes made by the malware like creating files, setting internet and local intranet security to 'high' in order to block activeX controls and active scripting.
•Do not download or open attachments in emails received from any unknown sources.
