NCSC and partners combat Dorifel and related networks

For several days now, the National Cyber Security Centre (NCSC) has been fighting the Dorifel virus, the related malware and the infrastructures used to spread it (a Citadel botnet). Reports received by the NCSC seem to indicate that the spread of Dorifel within organisations has been halted.

The investigation now mainly focuses on the infrastructure that has been used to spread Dorifel, a Citadel botnet, because it is used to spread other malware, such as Zeus, Dorifel and Hermes. In this connection, malware that focuses on stealing bank details is also being investigated. Action is being taken to remove the remaining threat posed by this infrastructure and the malware facilitated on it and to disrupt the criminal operation. For example, internet service providers that use services such as Shadowserver and Spamhaus are provided automatically with information to protect their clients. In addition, various domains that were used for abuse, nationally and internationally, were taken down at the request of the NCSC. And finally, there is an investigation into the perpetrator(s) behind this network.

The NCSC is working closely together with the affected organisations, companies and persons from the cyber security community, the Public Prosecution Service and the Police in order to remove the threat.