14 DAY TRIAL // Researchers from security firm McAfee have analyzed the denial-of-service (DOS) botnet known as Nitol and found that the Trojan which powers it was written in C++. Since the code is full of bugs, it’s believed that the developer was either in a hurry, or not a very good programmer.
Since the botnet is mostly operating in China, it’s not so popular in other parts of the world, but it’s still interesting to see how it works and how it communicates.
According to the experts, the Trojan copies itself as an exe file in the Program Files folder as a service called Microsoft Windows Uqdatehwh Service.
Once on a system, the malicious element connects to a command and control server and starts sending performance information of the infected computer.
It’s believed that this data is used by the cybercriminals to estimate the power of their botnet and to help them decide what tasks to attribute to the specific bot. Nitol is used for GenericFlood, HTTPFlood, and RawDataFlood distributed DOS attacks.