
NGRBot

Posted: October 15, 2012

Threat Metric

Ranking: 13,255
Threat Level: 5/10
Infected PCs: 1,649
First Seen: October 12, 2011
Last Seen: September 17, 2023
OS(es) Affected: Windows

NGRBot is an alias for Dorkbot, a family of worms that malware researchers previously analyzed throughout 2011 and 2012. However, new variants of NGRBot or Dorkbot have been spotted that include additional capabilities for harming your computer. Standard NGRBot attacks have included backdoor exploits, botnet-based DDoS functions and website-blocking browser hijacks, but NGRBot's latest version appears to have been updated to include spyware attacks. These attacks steal private information from a large range of popular sites and account services, and PC users should take particular care to protect their personal information from being compromised by NGRBot infections. Removable devices and spam e-mail messages are especially likely to serve as infection vectors for NGRBot, which should be removed by anti-malware software whenever NGRBot does succeed in installing itself on your computer.

That E-Mailed Image Doesn't Have Anything to Show You But NGRBot Infections

Variants of NGRBot have been prominent in their usage of social engineering-related spam attacks to access new PCs. While old attacks by NGRBot used social networking sites like Facebook to send their malicious links, the most recent NGRBot infection vectors use e-mail spam. These e-mail messages are designed to look like notifications from Skype and include a fake link that downloads NGRBot. NGRBot's installation file also uses the Skype icon.

Versions of NGRBot that are distributed through e-mail have been found to include additional capabilities beyond the default NGRBot or Dorkbot payloads. The SpywareRemove.com malware research team has found that NGRBot attempts to monitor online information transactions and steal personal data, such as passwords or other account credentials, from a range of websites. Websites that NGRBot targets include (but aren't limited to):

  • AOL
  • Dotster
  • eBay
  • Facebook
  • FastMail
  • Gmail
  • GoDaddy
  • Megaupload
  • PayPal
  • The Pirate Bay
  • Twitter
  • Yahoo

Examining the Full Breadth of NGRBot's Parasitism

NGRBot also may be used to force your PC to engage in traffic-flooding attacks that crash websites, to block websites that you try to access, or to make your PC complicit in distributing copies of NGRBot with spam. Poor system performance is the most likely indirect symptom of these NGRBot attacks, although SpywareRemove.com malware experts note that you may not see any signs of NGRBot at all. As a worm, NGRBot also may infect removable devices, and you should avoid sharing any USB thumb drives or similar devices until you've removed NGRBot from your computer.

NGRBot is a relatively well-distributed PC threat, and its e-mail attacks have been found to include misleading text in multiple languages such as French, German, English and Italian. As the simplest protection against NGRBot, SpywareRemove.com malware researchers caution against following unusual e-mail links or launching files before scanning them with appropriate security software. If your PC does become infected, anti-malware programs can be used to delete all copies of NGRBot.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



