Dorkbot

Category: worm_banker · Aliases: ngrbot · Sample count (EMBER 2018): 86 · Enrichment: hand-curated · Updated: 2026-05-27

Overview

Dorkbot is a worm and IRC-bot family that propagates through social media links, instant messaging, and removable drives, harvesting credentials and recruiting infected machines into a botnet. Microsoft, Interpol, and partners disrupted Dorkbot infrastructure in 2015 through a coordinated takedown. The family is still observed in legacy environments.

MITRE ATT&CK Techniques

This family has been observed using the following ATT&CK techniques: T1091, T1185, T1071.001

Frequently Asked Questions

How does Dorkbot spread?

Dorkbot spreads through Facebook and Skype messages with malicious links, USB drives, drive-by downloads, and exploits.

What are the signs of a Dorkbot infection?

Browser credential prompts, blocked access to security websites, IRC traffic to command-and-control servers, and antivirus detections for Dorkbot or NgrBot are common.

What should I do if I think I have Dorkbot on my system?

If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.

Machine-readable

Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/dorkbot.json

About this catalog

This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.