The malicious component was added between December 2012 and January 2013

Aug 23, 2013 08:13 GMT  ·  By

Security researchers from ESET have uncovered something interesting while performing an analysis of Orbit Downloader, the fairly popular file download web browser add-on developed by Innoshock.

The experts have analyzed Orbit Downloader to determine if it can be classified as a Potentially Unwanted Application (PUA).

The application generates revenue for the developer by displaying ads and being bundled with all sorts of third-party software. This is common for many downloaders, but what ESET researchers have uncovered is not.

They’ve found that sometime between December 25, 2012 (version 4.1.1.14) and January 10, 2013, (version 4.1.1.15) a malicious component was added to the main executable file orbitdm.exe.

This new component actually turns the application into a distributed denial-of-service (DDOS) tool.

“Given the age and the popularity of Orbit Downloader (it is listed as one of the top downloads in its category on several popular software web sites) this means that the program might be generating gigabits (or more) of network traffic, making it an effective tool for Distributed Denial of Service (DDoS) attacks,” ESET’s Aryeh Goretsky noted.

“On a test computer in our lab with a gigabit Ethernet port, HTTP connection requests were sent at a rate of about 140,000 packets per second, with falsified source addresses largely appearing to come from IP ranges allocated to Vietnam,” Goretsky added.

At least a couple of threads covering this topic have been created on the official Orbit Downloader forum, but so far there’s no response from the developer.

Until the issue is sorted, Orbit Downloader is no longer available for download from Softpedia. ESET products have been updated to detect (Win32/DDoS.Orbiter.A) and neutralize the malicious version of the app.

We have reached out to Innoshock in hopes that they can clarify the issue. In the meantime, users are advised to uninstall the application.