An analysis of Dorkbot’s infection vectors (part 2)
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
(Publication) Google search: [1]
An analysis of Dorkbot’s infection vectors (part 2) | |
---|---|
Botnet | Dorkbot |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-11-21 |
Editor/Conference | Microsoft Malware Protection Centre |
Link | http://blogs.technet.com/b/mmpc/archive/2012/11/21/an-analysis-of-dorkbot-s-infection-vectors-part-2.aspx (Archive copy) |
Author | Horea Coroiu |
Type |
Abstract
“ Dorkbot can also spread automatically, without user interaction. We recently encountered a malicious Java applet that exploits the vulnerability described in CVE-2012-4681 to distribute the Dorkbot worm. We detect the applet as Exploit:Java/CVE-2012-4681.HD. Let's take a closer look at how this exploit works.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1211, editor = {Microsoft Malware Protection Centre}, author = {Horea Coroiu}, title = {An analysis of Dorkbot’s infection vectors (part 2)}, date = {21}, month = Nov, year = {2012}, howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/11/21/an-analysis-of-dorkbot-s-infection-vectors-part-2.aspx}}, }