Jul 20, 2011 14:57 GMT

Romanian antivirus vendor BitDefender warns that a piece of malware designed for DDoS is being distributed as a Java update.

"We have recently come across this type of malware dissembling as a regular update to the Java platform," BitDefender's Loredana Botezatu writes.

"Closer investigation on the file revealed more than meets the eye: a carefully-crafted piece of malware that is extremely viral [...] and can be used as a powerful tool to initiate distributed denial-of-service attacks," the security expert adds.

In addition to being distributed from legitimate websites that have been compromised, the piece of malware, which BitDefender detects as Backdoor.IRCBot.ADEQ, is capable of spreading itself through a variety of methods.

These include copying itself to folders shared by default by certain P2P applications, infecting USB drives, copying itself to network shares and sending itself via Windows Messenger or e-mail.

The trojan is designed to uninstall other DDoS bots, including Cerberus, Blackshades, Cybergate, and the OrgeneraL DDoS Bot Cryptosuite, which infect winlogon.exe, csrss.exe and services.exe.

The botmasters can schedule the bot to launch DDoS attacks against particular URLs at particular times, for predefined intervals of time and with a specific frequency of requests.

This capability suggests that the bot's creators might be running a pay-for-DDoS or botnet-for-hire business. Such activities are profitable, and there are big botnets built specifically for this purpose. Some of them are controlled by paying customers via complex web interfaces.

Despite the high resource use associated with this type of malware, remaining undetected is a priority for this trojan's creators. "The bot also tries to prevent the user from noticing that the Trojan is constantly sending data to the Internet. It successfully adds itself to the list of authorized applications in the Windows Firewall, and tries to kill firewall alerts issued by antivirus solutions when they pop up," the BitDefender expert warns.