Tuesday , December 6 2016
Home / News / Password-stealing ‘dorkbot’ prowling in Indian cyberspace

Password-stealing ‘dorkbot’ prowling in Indian cyberspace

Password_6

New Delhi :Cyber security sleuths have alerted Indian internet users against the malicious activity of an online virus called ‘dorkbot’ which perpetrates itself through social networking sites and steals sensitive personal data and passwords of a user.

The malware, a variant of online virus and worm, has been specifically seen affecting operating systems running on Windows in the recent past.

“It has been observed that the variants of malware named as ‘dorkbot’ targeting windows operating systems, are spreading.

“The malware belongs to the family of worms having backdoor functionality and spreads through various vectors including drive-by-download attacks, social networking sites and compromised websites with browser exploits via removable drives in the form of auto-run exploits or by means of malicious links in instant messaging chats or internet relay chats,” a latest advisory issued by the Computer Emergency Response Team of India (CERT-In) said.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian internet domain.

The deadly virus, with almost a dozen aliases, is capable of stealing sensitive information from infected machine including stored passwords, browser data, cookies and has a smart and lethal potential to take complete control of the affected system, it said.

The cyber security agency said the malware can hide itself by over-writing, can collect system information such as OS (operating system) information, user privileges and apps installed on the system and can act to aid remote access of the infected machine to an attacker.

It destructs and infects a system by acquiring fake identities of Facebook, Skype or any other social media platform and lowers its immunity against a potential virus attack.

“To hide itself from detecting by anti-virus solutions, the malware injects its code into files like cmd.exe, ipconfig.exe, regedit.exe, regsvr32.exe, rundll32.exe, verclsid.exe and explorer.exe,” the advisory said.

PTI

Read Also

Rape victim

2010 rape case: Delhi man discharged as FIR lodged 6 years later

8