{
  "family": "dorkbot",
  "sample_count": 86,
  "category": "worm_banker",
  "description": "Dorkbot is a worm and IRC-bot family that propagates through social media links, instant messaging, and removable drives, harvesting credentials and recruiting infected machines into a botnet. Microsoft, Interpol, and partners disrupted Dorkbot infrastructure in 2015 through coordinated takedown. The family remains observed in legacy environments.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [
    "ngrbot"
  ],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Dorkbot?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Dorkbot is a worm and IRC-bot family that propagates through social media links, instant messaging, and removable drives, harvesting credentials and recruiting infected machines into a botnet. Microsoft, Interpol, and partners disrupted Dorkbot infrastructure in 2015 through coordinated takedown. The family remains observed in legacy environments."
      }
    },
    {
      "@type": "Question",
      "name": "How does Dorkbot spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Dorkbot spreads through Facebook and Skype messages with malicious links, USB drives, drive-by downloads, and exploits."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of a Dorkbot infection?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Browser credential prompts, blocked access to security websites, IRC traffic to command-and-control servers, and antivirus detections for Dorkbot or NgrBot are common."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have Dorkbot on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1091",
    "T1185",
    "T1071.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}