An analysis of Dorkbot’s infection vectors (part 2)

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

An analysis of Dorkbot’s infection vectors (part 2)
Botnet Dorkbot
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012-11-21
Editor/Conference Microsoft Malware Protection Centre
Link http://blogs.technet.com/b/mmpc/archive/2012/11/21/an-analysis-of-dorkbot-s-infection-vectors-part-2.aspx (Archive copy)
Author Horea Coroiu
Type

Abstract

Dorkbot can also spread automatically, without user interaction. We recently encountered a malicious Java applet that exploits the vulnerability described in CVE-2012-4681 to distribute the Dorkbot worm. We detect the applet as Exploit:Java/CVE-2012-4681.HD. Let's take a closer look at how this exploit works.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1211,
   editor = {Microsoft Malware Protection Centre},
   author = {Horea Coroiu},
   title = {An analysis of Dorkbot’s infection vectors (part 2)},
   date = {21},
   month = Nov,
   year = {2012},
   howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/11/21/an-analysis-of-dorkbot-s-infection-vectors-part-2.aspx}},
 }