Orbit Downloader executes DDoS attack, claims ESET
ZiNgA BuRgA
Heads up for those using this application.

Quote:
Researchers at security software company ESET have found a remotely-updating DDOS functionality built into a popular Windows download manager, Orbit Downloader.

The DDOS function appears to have been in the program for some time. When the orbitdm.exe program is run, it starts a series of communications with the servers at orbitdownloader.com, the end result of which is that the client system silently downloads via HTTP a Win32 PE DLL and a configuration file containing a list of URLs and a randomly-generated IP address for each.

This program and the list are used to conduct either a SYN flood attack or a wave of HTTP connection requests on port 80 (the HTTP port) and UDP datagrams on port 53 (DNS). The IP address that accompanied the URL in the config file is used as the source address for the attack.

[...]

ESET expresses surprise that such an attack would be included in such a popular program. It is a distinct possibility that the company's web site has been compromised by an outside attacker who is using it and the software unbeknownst to the proprietors of Orbit Downloader.

At the time of this writing, a vulnerable version (4.1.1.18) was still available for download on the company's site, and the URLs used for downloading the attack code and config file were still live.
Source: http://www.zdnet.com/eset-reports-trojan...000019760/
(This post was last modified: 25/08/2013 05:15 PM by ZiNgA BuRgA.)
25/08/2013 05:14 PM