G DATA supports BKA in fight against cyber criminals

Germany-based cyber security experts provide free tool for removing Dropperbot, after it has infected 11,000 computers across the world.

"With the Dropperbot Cleaner tool, we are providing users with an independent program for tracking down the malware files and disinfecting compromised computers,"

According to initial reports, the Dropperbot malware has infected 11,000 computers across the world (1) – around half of these in Germany. The Federal Criminal Police Office (BKA) has shut down the botnet and halted distribution of the malware. The malware was being distributed on Usenet in apparently innocuous files and was installed on the computer by opening the file. The malware steals sensitive data from social networks and access data for online services, intercepts keyboard input and takes screenshots. This data is then forwarded to predefined addresses. Now that the perpetrators have been arrested, all that remains to do is clean up the PCs. G DATA is providing all computer users with a free tool to detect and remove Dropperbot. The tool works independently of any installed AV software. G DATA security solutions detect the malware and protect against infection.

G DATA Dropperbot Cleaner tool
The G DATA Dropperbot Cleaner detects and removes the malware. It does so by identifying autostart entries in the registry as well as Dropperbot itself. The system is then cleaned up. However, as it is possible that additional malicious software is located on the system, G DATA security experts recommend a full scan of the computer using a comprehensive antivirus program.

How Dropperbot gets onto the PC
The malware was hidden and distributed in apparently innocuous files on Usenet, a data and file sharing platform. Although suitably disguised, these were actually executable files that downloaded malware to the PC once the user clicked to open them. Users who had not enabled the display of file extensions would not have seen the ".exe" ending and so would have been fooled by the icons used by the perpetrators.

Additional malware spies on users
The experts at G DATA SecurityLabs are aware of two different malware files that the downloader transfers onto infected PCs. Both files can be called stealers, their main task being to steal data from infected devices. One of the stealers is available on underground forums for around US$ 35 (about 30 Euros). Both malware files read data from social media and online services. The stealers also store keyboard input and generate screenshots. The data collected is then sent to addresses predefined by the attackers.

The free tool can be downloaded here: https://www.gdata.de/rdk/dl-de-dropperbotcleaner

Detailed information is available on the G DATA Security Blog:
https://blog.gdatasoftware.com/blog/article/bka-strikes-a-blow-against-botnet-operators.html

(1) Source: BKA Press Release dated 12/30/2014 (in German) on http://www.bka.de
or G DATA Press Release dated 1/9/2015: https://www.gdatasoftware.com/newsroom/news/article/g-data-supports-bka-in-fight-against-cyber-criminals.html

About G DATA
IT security was invented in Germany: G DATA Software AG is the antivirus pioneer. It was 30 years ago that the company, founded in Bochum in 1985, developed the first program to combat computer viruses. These days, G DATA is one of the world's leading providers of IT security solutions.
For sales inquiries in North America please contact http://www.contronex.com

Contact Author

Thorsten Urbanski
Contronex, Inc.
