is a detection for shortcut files created by Worm:Win32/Dorkbot, a family of worms that spread via instant messaging and removable drives.
LNK files detected as Worm:Win32/Dorkbot!lnk are commonly found on removable drives, and are used to run a Worm:Win32/Dorkbot executable file also found on the drive. If the user tries to open the shortcut file, it launches the worm executable and also opens an Explorer window. The shortcut file commonly tries to launch the worm executable located in one of the following folders on the drive:
The file name used by Dorkbot is usually generated randomly with a .exe or .jpg extension, for example:
See our family description, Worm:Win32/Dorkbot, for more information.
Analysis by Michael Johnson & Amir Fouda
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.