Popular Windows downloader has secret DDoS capability

Unbeknownst to its users and perhaps even to its developers, the popular Windows download manager Orbit Downloader has been outfitted with a DDoS component.

The Orbit Downloader has been around since 2006. That and the fact that it is available for download for free (although bundled with some potentially unwanted applications) has made it popular with many, many users.

The DDoS component has been discovered by ESET researchers while doing a routine examination of the software, and subsequent analysis of previous versions has shown that it was added to orbitDM.exe sometime between the release of version 4.1.1.14 (December 25, 2012) and version 4.1.1.15 (January 10, 2013).

The thing functions like this: the installed software contacts Orbit Downloader’s server (at orbitdownloader.com) to download a configuration file containing a list of target URLs and IP addresses, and a Win32 PE DLL file to perform the attack against them.

SOURCE: net-security.org