The Dorkbot worm, which first appeared in 2011 and has since been spreading via removable drives, IM programs and social networks, is currently targeting Facebook users.
According to Bitdefender reports, over 9,000 malicious links pointing to the malware have been detected in 24 hours.
The worm is delivered to potential victims via a chat message that appear to be coming from a friend and, at first glance, the link looks like it should take users to a regular JPG image file hosted on MediaFire.
But the file is actually an executable, and once run, it infects the targets’ computer, tries to prevent the installed AV solution(s) from applying security updates, and then lies in wait, spying on the victims’ browsing activities and stealing their personal details and login credentials.
The IRC-based Dorkbot receives commands from a C&C server, and is capable not only of making the computer participate in DDoS attacks, but also of downloading additional malware.
Technical details can be found on bitdefender website : http://www.bitdefender.com/VIRUS-1000651-en–Backdoor-IRCBot-Dorkbot-A.html
Screenshot of malware : http://www.firsthacknews.com/wp-content/uploads/2013/05/dorkbot.png
