Getting some better insight on Dorifel/XDocCrypt

Remember the outbreak of Dorifel and the Dorifel aftermath?

Robert Lipovsky, a malware researcher at ESET, did some additional digging and found some interesting info, with the following conclusion:

As has become common practice in the world of malware, the Win32/Quervar virus family implements several techniques, which have already been observed elsewhere. It is part of a bigger “operation”, forms a botnet, and is able to perform tasks sent from the C&C server, and to download and execute other malware. It is not unlikely that the virus botnet operator provides this as a service to other cyber criminals. Furthermore, as David Harley mentions, it has attracted the attention of telephone support scammers.

 

Link to the complete article

 

Sources (English)