Wednesday, December 28, 2011

DorkBot.Bx and its characteristics

As has become routine at the start and end of each year, malware authors usually 'release their newest product': malware variants with new ways of infecting computers. The same is happening at the end of this year, with a new piece of malware being spread intensively this month.

This malware is detected as Trojan.Generic.KD.440xxx or W32.Dorkbot.Bx. Where the earlier waves spread BitCoinMiner trojans and the Kolab trojan variant, this variant is a 'new incarnation' of the BitCoinMiner trojan that uses Kolab's methods. It belongs to a group of trojans / backdoors designed to steal information or data from computer users, especially personal financial data such as that used for internet banking. Like the BitCoinMiner trojans, the DorkBot.Bx variant can also record personal data such as usernames, passwords, credit card numbers and more. In addition, the computer infected with the trojan is used as a tool to take part in solving BitCoin cryptographic blocks, using the BitCoin account of the trojan's owner.
That is a brief overview of DorkBot.Bx; now we need to know how to recognize a computer that has been infected by this malware. Here are some characteristics of a computer infected with DorkBot.Bx:

1. CPU at 100%

DorkBot.Bx makes the computer sluggish, with CPU usage shown at 100%. This is caused by the trojan's activity: it attempts to solve BitCoin cryptographic blocks while also actively sending data.

2. Wasting bandwidth

Besides slowing the computer down by driving CPU usage to 100%, another thing to watch is Internet bandwidth usage. The activity of the DorkBot.Bx trojan makes your bandwidth consumption excessive.

3. Hiding folders on a USB drive or removable disk

Like its predecessor, the BitCoinMiner trojan, DorkBot.Bx also hides the folders on a USB or removable disk and creates a shortcut carrying the same (false) name as each folder. It seems the shortcut trend has inspired the DorkBot.Bx trojan as well.

4. Connecting to a BitCoin server

The DorkBot.Bx trojan attempts to connect to a BitCoin server to deliver the BitCoin cryptographic blocks, using an account on BitCoin that belongs to the malware authors. This benefits the authors because they can quickly and easily process BitCoin cryptographic blocks with the help of the computers already infected.

5. Connecting to an IRC / remote server

The DorkBot.Bx trojan also attempts to connect to an IRC / remote server to deliver the computer user's BitCoin information that the malware authors require.

6. Downloading malware files

To simplify its actions, the DorkBot.Bx trojan also downloads some specific malware files from the IRC / remote server in order to stay updated and remain hard for antivirus to recognize. These differing malware files are what sometimes makes it difficult for antivirus to detect the presence of the DorkBot.Bx trojan.

7. Downloading Certificate Authority (CA) files

Basically, a Certificate Authority (CA) is used in online payment transactions such as those with banks, PayPal and thousands of other sites that use the SSL protocol. By downloading the CA files, the malware makers want to ensure that the infected victim computers have up-to-date CAs so that they can transact with BitCoin safely.

8. Transferring the data obtained

The main objective of the DorkBot.Bx trojan is to obtain information from the infected user's computer and transfer it out.

9. Opening various ports

The DorkBot.Bx trojan also opens various ports on the victim's computer so that it can easily connect to the IRC / remote server and carry out various actions with impunity.
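Characteristics 4, 5 and 9 above are all visible from the host's own connection table. The following is an added triage example (not code from the original post and not tied to any real DorkBot.Bx sample): it parses the text format of Windows `netstat -ano`, groups connections per process, and flags a process that talks to an IRC port, talks to a BitCoin port, or holds listening ports while also maintaining outbound connections. The port sets and the `netstat` sample are constructed assumptions; the real servers and ports used by the malware are not given in the post.

```python
import re
import sys
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample of Windows `netstat -ano` output (not captured from a real
# infection). PID 2412 plays the role of the suspect process.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49203     203.0.113.7:6667       ESTABLISHED     2412
  TCP    192.168.1.20:49210     198.51.100.9:8333      ESTABLISHED     2412
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2412
  TCP    0.0.0.0:2433           0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.20:49221     93.184.216.34:443      ESTABLISHED     1780
  UDP    0.0.0.0:5355           *:*                                    1096
"""

# Assumption: common default ports, not values taken from the post.
IRC_PORTS = {6667, 6697, 7000}
BITCOIN_PORTS = {8332, 8333}

# proto, local endpoint, foreign endpoint, optional state (UDP has none), PID
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


@dataclass(frozen=True)
class Conn:
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]
    state: str
    pid: int


def _split_endpoint(endpoint):
    """'1.2.3.4:6667' -> ('1.2.3.4', 6667); '*:*' -> ('*', None). rpartition keeps
    bracketed IPv6 addresses intact."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse `netstat -ano` text into Conn records, skipping header lines."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        lh, lp = _split_endpoint(local)
        rh, rp = _split_endpoint(remote)
        conns.append(Conn(proto, lh, lp, rh, rp, state or "", int(pid)))
    return conns


def suspicious_pids(conns):
    """Map PID -> reasons for processes showing the pattern described in the post:
    outbound IRC, outbound BitCoin-server traffic, and opened listening ports
    combined with outbound connections from the same process."""
    listening = defaultdict(set)   # pid -> local ports in LISTENING state
    outbound = defaultdict(set)    # pid -> (remote host, remote port) pairs
    for c in conns:
        if c.state == "LISTENING":
            listening[c.pid].add(c.local_port)
        elif c.state == "ESTABLISHED":
            outbound[c.pid].add((c.remote_host, c.remote_port))

    result = {}
    for pid in set(listening) | set(outbound):
        remote_ports = {port for _, port in outbound[pid]}
        reasons = []
        if remote_ports & IRC_PORTS:
            reasons.append("irc")
        if remote_ports & BITCOIN_PORTS:
            reasons.append("bitcoin")
        if listening[pid] and outbound[pid]:
            reasons.append("listener+outbound")
        if reasons:
            result[pid] = reasons
    return result


if __name__ == "__main__":
    # Usage on a real host: netstat -ano | python triage.py ; otherwise the sample is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    for pid, reasons in sorted(suspicious_pids(parse_netstat(text)).items()):
        print(f"PID {pid}: {', '.join(reasons)}")
```

The flagged PID is only a lead: the next step is to map it to its image path with `tasklist` and check whether that image belongs where it claims to, since a legitimate service can also listen and connect at the same time.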

10. Using Facebook Chat

This method is probably the most familiar to users. DorkBot.Bx provides a URL link that has been converted into a shortened one, so users are easily fooled. If the link is opened, the user downloads a file whose file name and icon are quite 'sexy'.

Another characteristic is that it modifies the registry and creates several files to infect computers. To become active immediately when the user connects a USB or removable drive, the DorkBot.Bx trojan exploits a Windows security hole, the Windows Icon handler, so that the shortcut pointing to the trojan file is activated as soon as the drive is accessed.
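Characteristic 3 and the paragraph above describe the same artifact on the removable drive: each real folder is hidden and shadowed by a `.lnk` file of the same name. The following is an added example (not code from the original post) that finds that pairing in a directory listing and emits the clean-up commands an operator would run afterwards. The `Entry` type, the function names and the sample listing are constructed for this example; the hidden-attribute check relies on `st_file_attributes`, which `os.stat` only provides on Windows.

```python
import os
import stat
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    """One directory entry on the removable drive (constructed type for this example)."""
    name: str        # base name with extension, e.g. "Photos.lnk"
    is_dir: bool
    is_hidden: bool  # FILE_ATTRIBUTE_HIDDEN on Windows; dot-prefix elsewhere


def find_shortcut_decoys(entries):
    """Return (hidden_folder, shortcut) pairs: a hidden directory whose name is
    reused by a .lnk file in the same directory. Matching is case-insensitive
    because Windows file names are."""
    hidden_dirs = {e.name.lower(): e for e in entries if e.is_dir and e.is_hidden}
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        root, ext = os.path.splitext(e.name)
        if ext.lower() != ".lnk":
            continue
        folder = hidden_dirs.get(root.lower())
        if folder is not None:
            findings.append((folder.name, e.name))
    return findings


def recovery_commands(drive, findings):
    """Build the cmd.exe commands to run once the trojan itself has been removed:
    delete each decoy shortcut, then clear the system and hidden attributes so the
    real folder is visible again. Returned as strings; nothing is executed here."""
    cmds = []
    for folder, lnk in findings:
        cmds.append(f'del "{drive}\\{lnk}"')
        cmds.append(f'attrib -s -h "{drive}\\{folder}"')
    return cmds


def scan_directory(path):
    """Build Entry objects from a real directory. The hidden flag is read from
    st_file_attributes (Windows only); on other platforms dot-files count as hidden."""
    hidden_flag = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 2)
    entries = []
    for d in os.scandir(path):
        attrs = getattr(d.stat(follow_symlinks=False), "st_file_attributes", 0)
        hidden = bool(attrs & hidden_flag) or d.name.startswith(".")
        entries.append(Entry(d.name, d.is_dir(follow_symlinks=False), hidden))
    return entries


# Constructed sample listing of an affected drive's root; not from a real sample.
SAMPLE_LISTING = [
    Entry("Photos", True, True),
    Entry("Photos.lnk", False, False),
    Entry("Work", True, True),
    Entry("Work.lnk", False, False),
    Entry("Music", True, False),                     # visible folder: its shortcut is not a decoy
    Entry("Music.lnk", False, False),
    Entry("readme.txt", False, False),
    Entry("System Volume Information", True, True),  # hidden, but no shortcut shadows it
]


if __name__ == "__main__":
    # Usage: python usb_triage.py E:\   (without an argument the sample listing is used)
    listing = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LISTING
    drive = sys.argv[1].rstrip("\\/") if len(sys.argv) > 1 else "E:"
    found = find_shortcut_decoys(listing)
    for folder, lnk in found:
        print(f"hidden folder {folder!r} is shadowed by shortcut {lnk!r}")
    for cmd in recovery_commands(drive, found):
        print(cmd)
```

Deleting the shortcuts and unhiding the folders only restores the drive's appearance; the trojan file the shortcuts point to, and the registry entries created on the host, still have to be dealt with separately.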