DDoS Bot Hides As Java Update

Discussion in 'Security Updates' started by starbuck, Jul 20, 2011.

  1. starbuck

    Romanian antivirus vendor BitDefender warns that a piece of malware designed for DDoS is being distributed as a Java update.

    "We have recently come across this type of malware dissembling as a regular update to the Java platform," BitDefender's Loredana Botezatu writes.

    "Closer investigation on the file revealed more than meets the eye: a carefully-crafted piece of malware that is extremely viral [...] and can be used as a powerful tool to initiate distributed denial-of-service attacks," the security expert adds.

    In addition to being distributed from legit compromised websites, the piece of malware, which BitDefender detects as Backdoor.IRCBot.ADEQ, is capable of spreading itself through a variety of methods.

    These include copying itself to folders shared by default by certain P2P applications, infecting USB drives, copying itself to network shares and sending itself via Windows Messenger or e-mail.

    The trojan is designed to uninstall other DDoS bots including Cerberus, Blackshades, Cybergate, or the OrgeneraL DDoS Bot Cryptosuite which infect winlogon.exe, csrss.exe and services.exe.

    The botmasters can schedule the bot to launch DDoS attacks against particular URLs at particular times, for predefined intervals of time and with a specific frequency of requests.

    This capability suggests that the bot's creators might be running a pay-for-DDoS or botnet-for-hire business. Such activities are profitable and there are big botnets constructed particularly for this purpose. Some of them are controlled by paying customers via complex web interfaces.

    Despite the high resource use associated with this type of malware, remaining undetected is a priority for this trojan's creators. "The bot also tries to prevent the user from noticing that the Trojan is constantly sending data to the Internet. It successfully adds itself to the list of authorized applications in the Windows Firewall, and tries to kill firewall alerts issued by antivirus solutions when they pop up," the BitDefender expert warns.



    Source:
    http://news.softpedia.com/news/DDoS-Bot-Hides-as-Java-Update-212583.shtml
     
