SecurityHome.eu Worm:Win32/Dorkbot!lnk

Home / malware PDF

Worm:Win32/Dorkbot!lnk

First posted on 11 April 2019.
Source: Microsoft
Aliases :
There are no other names known for Worm:Win32/Dorkbot!lnk.
Explanation :
Worm:Win32/Dorkbot!lnk is a detection for shortcut files created by Worm:Win32/Dorkbot, a family of worms that spread via instant messaging and removable drives.

LNK files detected as Worm:Win32/Dorkbot!lnk are commonly found on removable drives, and are used to run a Worm:Win32/Dorkbot executable file also found on the drive. If the user tries to open the shortcut file, it launches the worm executable and also opens an Explorer window. The shortcut file commonly tries to launch the worm executable located in one of the following folders on the drive:

ecycler AdobeReader

The file name used by Dorkbot is usually generated randomly with a .exe or .jpg extension, for example:

0xd80a89c7.exe DSCI5271.jpg

See our family description, Worm:Win32/Dorkbot, for more information.

Analysis by Michael Johnson & Amir Fouda
Last update 11 April 2019

TOP

Malware :

Last 20