Old Dorkbot malware resurfaces
Old banking malware called Dorkbot has reemerged in 2018 and has become a serious threat. Samples of the six-year-old malware are now ranked among the biggest banking malware headaches of 2018. Dorkbot, a known malware family that goes back to 2012, is back among the top banking malware threats of 2018. Dorkbot was used by hackers to target Skype, Facebook and Twitter users. The original version tried to con victims into downloading a malicious .zip file with the message "Lol is this your new profile pic?" Victims who opened the .zip attachment were locked out of their PC and roped into a botnet, and all of their contacts were sent the malicious .zip and the profile picture message.
The malware has evolved over the years. Today, Dorkbot is a trojan that steals a user's credentials using web injects that are activated when the user tries to log in to their banking website. Dorkbot has been modified to allow hackers to execute code remotely, along with the ability to steal sensitive banking information. It uses a new code injection technique called Early Bird, which helps it avoid detection by anti-malware security products.
Last year, the top banking malware threats were Ramnit (20 percent), Zeus (16 percent) and Tinba (11 percent). Dorkbot wasn't even on the list in 2017. This year, with the consolidation of the banking malware market, the top three banking malware samples make up 65 percent of all the banking malware. For the first half of 2018, Ramnit is still at the top with 27 percent, followed by Dorkbot with 25 percent and Zeus with 13 percent.