Casa > cibernético Notícias > Dorkbot Malware From 2012 Ressurge e se torna grande ameaça
CYBER NEWS

Dorkbot Malware De 2012 Ressurge e se torna grande ameaça

Dorkbot, um 6-year-old de malware bancário ressurgiu na natureza para se tornar uma grande ameaça, de acordo com recente relatórios.

o Dorkbot banking malware reportedly started its malicious activity back in 2012 but now it seems as if this virus has started to attack banks once again. This updated version of Dorkbot was ranked second in the world back in 2012 and according to Check Point’s report it may now be back to wreak havoc and cause damage to banking institutions on a major level.




What Is Dorkbot?

Dorkbot is a banking malware which was used by hackers to target Skype accounts as well as Facebook and Twitter accounts. The malware has been reported to try to trick victims to download an archive which contained a message in it, called “Is this your new profile pic?”. The .zip attachment was opened by the victim and then the malware locked the victimized computer. But this is not all that it does, as the Dorkbot locks the computer into a botnet infection and the contacts of the victims are sent to the malicious archive.

The virus has evolved in a new updated variant which basically makes it an advanced RAT (Acesso remoto Trojan), which is configured to steal user information, tal como:

  • Passwords and account names.
  • Keystrokes typed.
  • Logged in details when the user attempts to log in a banking site.

According to Check Point researchers, the malware was created to allow the attacker controlling it capabilities to perform remote code execution attacks with the primary idea to manually steal saved sensitive banking data. This means that the hacker may even be able to look into your computer’s history to check for passwords or data you have previously entered. The new injection capabilities, used by the malware has been detected behind the name Early Bird and it is basically a way of obfuscating the malware and allowing it to avoid being detected by any antivirus and security software.

The today’s variant of Dorkbot is quite more advanced and it impressed even analysts at CheckPoint, who also mentioned other well known banking infecções em seu relatório.

Dorkbot’s Activity

The original activity of Dorkbot drops multiple files, in the %AppData% and %Temp% directories and among those files are worm infection files, that allow it to automatically spread across different machines. Além desta, Dorkbot may also heavily modify the Windows registry sub-keys, as Microsoft report in their análise of the malware. The virus primarily attacks the Run and RunOnce sub-keys where it creates registry entries for all of it’s executable files to automatically run when you start Windows. The files are different for the different variants of Dorkbot, but primarily may be the following:

→ %APPDATA%\c731200
%APPDATA%\ScreenSaverPro.scr
%APPDATA%\temp.bin
%APPDATA%\update\explorer.exe
%APPDATA%\update\cleaner.exe
%APPDATA%\update\update.exe
%APPDATA%\windowsupdate\updater.exe
%APPDATA%\windowsupdate\live.exe
%APPDATA%\Windows Live\.Exe, for example %APPDATA%\Windows Live\dkxjymgruw.exe
%TEMP%\Adobe\Reader_sl.exe
%TEMP%\c731200




The virus also has a folder, chamado RECYCLER, which uses all possible USB drives and registers them as a way to propagate into flash drives. The malware also uses backdoor access and control, so banks are advised to beware as it may spread in new and more clever ways.

Ventsislav Krastev

Ventsislav Krastev

Ventsislav é especialista em segurança cibernética na SensorsTechForum desde 2015. Ele tem pesquisado, cobertura, ajudando vítimas com as mais recentes infecções por malware, além de testar e revisar software e os mais recentes desenvolvimentos tecnológicos. Formado marketing bem, Ventsislav também é apaixonado por aprender novas mudanças e inovações em segurança cibernética que se tornam revolucionárias. Depois de estudar o gerenciamento da cadeia de valor, Administração de rede e administração de computadores de aplicativos do sistema, ele encontrou sua verdadeira vocação no setor de segurança cibernética e acredita firmemente na educação de todos os usuários quanto à segurança e proteção on-line.

mais Posts - Local na rede Internet

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...