An analysis of Dorkbot’s infection vectors (part 2)

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

An analysis of Dorkbot’s infection vectors (part 2)
Botnet Dorkbot
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012-11-21
Editor/Conference Microsoft Malware Protection Centre
Link http://blogs.technet.com/b/mmpc/archive/2012/11/21/an-analysis-of-dorkbot-s-infection-vectors-part-2.aspx (Archive copy)
Author Horea Coroiu
Type

Abstract

Dorkbot can also spread automatically, without user interaction. We recently encountered a malicious Java applet that exploits the vulnerability described in CVE-2012-4681 to distribute the Dorkbot worm. We detect the applet as Exploit:Java/CVE-2012-4681.HD. Let's take a closer look at how this exploit works.

Bibtex

 @misc{Coroiu2012BFR1211,
   editor = {Microsoft Malware Protection Centre},
   author = {Horea Coroiu},
   title = {An analysis of Dorkbot’s infection vectors (part 2)},
   date = {21},
   month = Nov,
   year = {2012},
   howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/11/21/an-analysis-of-dorkbot-s-infection-vectors-part-2.aspx}},
 }