INTERPOL supports global operation against Dorkbot botnet

4 December 2015

SINGAPORE – A coordinated global operation to disrupt the Dorkbot botnet, believed to have infected more than one million computers worldwide in 2015 alone, was supported by INTERPOL.

A series of simultaneous actions involving law enforcement in North and Central America, Europe and Asia, with close collaboration from private industry, resulted in the takedown of the botnet’s main servers and data channels.

Microsoft has closely monitored Dorkbot since its discovery in 2011 via the Microsoft Malware Protection Center and the Microsoft Digital Crimes Unit. Analysis from Microsoft, Computer Emergency Response Team (CERT) Polska and technology security company ESET was provided to the private companies and law enforcement agencies involved in the action against the Dorkbot infrastructure.

The INTERPOL Digital Crime Centre (IDCC) supported the operation from the INTERPOL Global Complex for Innovation in Singapore through active coordination with law enforcement in its participating member countries to take down servers and domains.

“This successful operation shows the value and need for close collaboration between law enforcement and the private sector to detect, prevent and mitigate all manner of cyberthreats,” said Sanjay Virmani, Director of the IDCC.

“We encourage private sector companies with expertise in the cyber realm to work with INTERPOL to combat these very real security risks,” he concluded.

The operation involved support from law enforcement agencies and industry partners including CERT Polska, ESET, Canadian Radio-television and Telecommunications Commission, US Department of Homeland Security’s United States Computer Emergency Readiness Team, Europol, US Federal Bureau of Investigation, the Royal Canadian Mounted Police, the Russian Ministry of Interior Department K, the INTERPOL National Central Bureau in Russia, the Indian Central Bureau of Investigation and the Turkish National Police.

Investigators from the affected countries and companies are continuing to identify the criminals behind the Dorkbot malware.

The Dorkbot botnet is used for a variety of illegal activities, most commonly: 

  • Stealing account credentials for online payment and other websites;
  • Distributed denial of service attacks;
  • Providing a mechanism through which other types of dangerous malware can be downloaded to and installed onto the victim’s computer.

Dorkbot spreads through USB flash drives, instant messaging programmes and social networks. This malware can easily be removed with the appropriate anti-virus tools; computer users are therefore advised to scan their machines regularly.