A coalition of law enforcement agencies partnered with technology companies and security vendors, including Microsoft, CERT.PL and ESET to take down a ring of over 1 million computers infected with the Dorkbot botnet, according to information provided by Microsoft, Interpol, and ESET.
The coordinated effort “resulted in the takedown of the botnet's main servers and data channels,” according to an Interpol statement.
The participating law enforcement agencies included the Federal Bureau of Investigation, the Department of Homeland Security, Europol, Interpol, and the Royal Canadian Mounted Police, Canadian Radio-television and Telecommunications Commission, the Russian Ministry of Interior Department K, the Indian Central Bureau of Investigation, and the Turkish National Police, INTERPOL stated.
Dorkbot was discovered in April 2011, and gained wider attention in October 2012 after researchers at GFI announced a phishing campaign that spread the malware to Skype users through phoney Skype IMs. Trend Micro wrote in a blog post that Dorkbot (also known as NgrBot) was being used to launch DDoS attacks, steal website login information, and download malware since as early as October 2012.
The malware steals usernames and passwords by monitoring victims' activities online, according to Microsoft. The software giant detected Dorkbot on approximately 100,000 computers per month over the past six months, the Microsoft's malware protection team wrote in a blog post. Once a computer is infected, it is then instructed to download other malware or spread to other computers. In some cases, entire websites were compromised, and delivered the malware to web visitors.
In October, the FBI, UK's National Crime Agency (NCA), Europol's EC3, the Dell SecureWorks Counter Threat Unit (CTU), and others participated in a similar initiative targeting computers infected by the Dridex botnet. Earlier, in April, the FBI, Europol's European Cybercrime Centre (EC3), the Joint Cybercrime Action Taskforce (J-CAT), and Dutch authorities coordinated to take down computers infected by the Beebone botnet.