Slashdot Mirror


Microsoft, Law Enforcement Disrupt Dorkbot Botnet (technet.com)

An anonymous reader writes: Microsoft said in a blog post Thursday that it aided law enforcement agencies in several regions to disrupt a 4-year-old botnet called Dorkbot. The botnet aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix and has infected one million computers worldwide. The company didn't provide details on how Dorkbot's infrastructure was disrupted.

16 of 31 comments

  1. Plenty Of Detail by Anonymous Coward · · Score: 3, Funny

    The company didn't provide details on how Dorkbot's infrastructure was disrupted.

    WTF, they "activated a Coordinated Malware Eradication (CME) campaign, performed deep research, and provided telemetry to partners and law enforcement". There's enough meaningless jargon in there to satisfy even the most buzzword-calloused manager.

    1. Re:Plenty Of Detail by TWX · · Score: 2

      I doubt it. The fact that Microsoft OSes get so infected as they do makes me think they simply broke something like the DNS process that the botnet is dependent on. For all we know, they haven't actually disabled the botnet, just taken control over it.

      --
      Do not look into laser with remaining eye.
    2. Re:Plenty Of Detail by TheRealMindChild · · Score: 1

      They do this pretty often. It is the "Malicious software removal tool" and it has been part of updates via Windows Update for bloody forever (as far back as XP, anyway).

      --
      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    3. Re:Plenty Of Detail by LifesABeach · · Score: 1

      The most interesting coincidence is that in all cases, Microsoft is involved at some point. When will the D.O.J. consider that?

  2. The opportunity presented itself... by Drewdad · · Score: 3, Funny

    ...while Dorkbot's operator was trying to decipher Microsoft's new core-based licensing structure.

    1. Re:The opportunity presented itself... by zlives · · Score: 2

      More likely Windows 10 telemetry helped in locating, dissecting and disinfecting the botnet without compromising privacy in any way.

  3. Re: Netflix by Anonymous Coward · · Score: 1

    More than likely that many Netflix users have the same password on their TV account as their checking account.

  4. Re:Netflix by Sowelu · · Score: 1

    They could rate things weird and make you see all kinds of bizarre recommendations.

  5. Re:Netflix by Sowelu · · Score: 2

    Realistically though--they can steal some personal information, like name and probably your billing addresses, and they possess a username that is likely to be in use somewhere else. With a username, real names and a billing address, you have enough information to start socially engineering your way into other things.

  6. Re:Netflix by squiggleslash · · Score: 1

    I'm guessing they make a movie, license it to Netflix, and then use bots with stolen Netflix account credentials to pump up the viewing figures, and thus royalties.

    It's foolproof I tell you!

    --
    You are not alone. This is not normal. None of this is normal.
  7. Re:Netflix by sims+2 · · Score: 1

    You could erase my watch list or my viewing history so I don't know what episode of House I'm on. That would be quite annoying.

    Plus, really, how many Netflix accounts can you use at the same time?

    My best bet is they were going after the Netflix passwords in hopes that they used the same password elsewhere.

    --
    Minimum threshold fixed. Thanks!
  8. Re:Get today's SLASHDOT DEALS and the /. Newslette by sims+2 · · Score: 1

    Still better than what PayPal gives you for sending 5K through their service. For one month they would give you a free hat... if you asked for one.

    --
    Minimum threshold fixed. Thanks!
  9. Re:Netflix by TheGrimmReaper · · Score: 2

    Many people re-use the same password so in theory, getting someone's Netflix password could get you into other sites.

  10. Microsoft shuts down Microsoft botnet .. by nickweller · · Score: 2

    What desktop operating system did this Dorkbot botnet run on?

  11. Re:Netflix by ShaunC · · Score: 3, Interesting

    Can someone explain it to me how it hurts the Netflix user's account when it's stolen?

    Depends on your definition of "hurt." By my own definition, it would "hurt" me if Netflix saw my account logging in from some other country and shut it down. Now I have to contact Netflix and see why my account isn't working, maybe spend a while on the phone swearing up and down that I haven't given my password to some guy in Russia and I promise I'll make a 45-character passphrase. All of this takes time and effort. It's not nearly as severe as having credentials to a bank account stolen, but it's still "harm" as far as I'm concerned.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  12. Re:Hosts + 0.0.0.0 blocking address in front of by barbariccow · · Score: 1

    See subject, & these blocked addresses the dorknet botnet uses for C&C servers:

    0.0.0.0 timeinfo.pl
    0.0.0.0 runescape.com

    Why apk no like runescape? It was a fun game 15 years ago, and still some people play it. Good thing I don't let you choose which games I'm allowed to play...