Microsoft, Law Enforcement Disrupt Dorkbot Botnet

An anonymous reader writes: Microsoft said in a blog post Thursday that it aided law enforcement agencies in several regions to disrupt a 4-year-old botnet called Dorkbot. The botnet aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix and has infected one million computers worldwide. The company didn't provide details on how Dorkbot's infrastructure was disrupted.

Plenty Of Detail

[Anonymous Coward]

The company didn't provide details on how Dorkbot's infrastructure was disrupted.

WTF, they "activated a Coordinated Malware Eradication (CME) campaign, performed deep research, and provided telemetry to partners and law enforcement". There's enough meaningless jargon in there to satisfy even the most buzzword calloused manager.

Re:

[TWX]

I doubt it. The fact that Microsoft OSes get so infected as they do makes me think they simply broke something like the DNS process that the botnet is dependent on. For all we know, they haven't actually disabled the botnet, just taken control over it.

Re:

[TheRealMindChild]

They do this pretty often. It is the "Malicious software removal tool" and it has been part of updates via Windows Update for bloody forever (as far back as XP, anyway)

Re:

[LifesABeach]

The most interesting coincidence is that in all cases, Microsoft is involved at some point. When will the D.O.J. consider that?

Re: Netflix

[Anonymous Coward]

More than likely that many Netflix users have the same password on their TV account as their checking account.

Re:

[Sowelu]

They could rate things weird and make you see all kinds of bizarre recommendations.

Re:

[Sowelu]

Realistically though--they can steal some personal information, like name and probably your billing addresses, and they possess a username that is likely to be in use somewhere else. With a username, real names and a billing address, you have enough information to start socially engineering your way into other things.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[sims 2]

You could erase my watch list or my viewing history so I don't know what episode of house i'm on. That would be quite annoying.

Plush really how many netflix accounts can you use at the same time?

My best bet is they were going after the netflix passwords in hopes that they used the same password elsewhere.

Re:

[TheGrimmReaper]

Many people re-use the same password so in theory, getting someone's netflix password could get you into other sites.

Re:Netflix

[ShaunC]

Can someone explain it to me how it hurts the Netflix user's account when it's stolen?

Depends on your definition of "hurt." By my own definition, it would "hurt" me if Netflix saw my account logging in from some other country and shut it down. Now I have to contact Netflix and see why my account isn't working, maybe spend awhile on the phone swearing up and down that I haven't given my password to some guy in Russia and I promise I'll make a 45-character passphrase. All of this takes time and effort. It's not nearly as severe as having credentials to a bank account stolen, but it's still "harm" as far as I'm concerned.

The opportunity presented itself...

[Drewdad]

...while Dorkbot's operator was trying to decipher Microsoft's new core-based licensing structure.

Re:

[zlives]

more likely windows 10 telemetry helped in locating, dissecting and disinfecting the botnet without compromising privacy in any way.

Re:

[sims 2]

Still better than what paypal gives you for sending 5K through their service. For one month they would give you a free hat.. if you asked for one.

Microsoft shutsdown Microsoft botnet ..

[nickweller]

What Desktop operating System did this Dorkbot botnet run on?

Re:

[barbariccow]

See subject, & these blocked addresses the dorknet botnet uses for C&C servers:

0.0.0.0 timeinfo.pl 0.0.0.0 runescape.com

Why apk no like runescape? It was a fun game 15 years ago, and still some people play it. Good thing I don't let you choose which games I'm allowed to play...