FYI...Fake Java Update uses victim PC's in DDoS
20 July 2011 - "Software patches, allegedly missing codecs and Flash Player or Java updates have been quite often used as baits in order to lure computer users into installing malware
. We have recently come across this type of malware dissembling as a regular update to the Java platform. Closer investigation on the file revealed more than meets the eye: a carefully-crafted piece of malware that is extremely viral (i.e. spreads using an array of media) and can be used as a powerful tool to initiate distributed denial-of-service attacks. This e-threat seems to be in-sync with the canvas of on-line attacks we’ve been witnessing lately, especially those attributed to the independent hacktivist groups, such as Anonymous or their spin-off (and now defunct) organization called LulzSec. Both groups made a habit of targeting a wide range of institutions, including companies and government organizations not as much for money but as part of their “Antisec” credo. Backdoor.IRCBot.ADEQ is a Trojan disguised as a Java update
. It is extremely “contagious”, as it can be downloaded from a multitude of locations, most of them being legit websites that have been infected by the tool... Backdoor.IRCBot.ADEQ uses private messages in order to communicate with its master, who sends the bot an assortment of commands, including the URL of a particular website the malware needs to flood... On top of that, the bot proceeds to uninstalling other bots such as Cerberus, Blackshades, CyberGate, or OrgeneraL DDoS Bot Cryptosuite if found injected into winlogon.exe, csrss.exe and services.exe. This is an essential step for the bot to ensure that the user doesn’t suspect any malicious activity on the computer, as well as to ensure that all the other pieces of malware racing for network bandwidth won’t get it. Plus, the bot also tries to prevent the user from noticing that the Trojan is constantly sending data to the Internet. It successfully adds itself to the list of authorized applications in the Windows Firewall, and tries to kill firewall alerts issued by antivirus solutions when they pop up. This makes Backdoor.IRCBot.ADEQ an efficient DDoS tool
to be used by an attacker to take down sites or hinder the activity of a particular company...In the recent security landscape, Anmonymous and LulzSec have launched a couple of DDoS attacks against high-profile institutions. While the open-source Low-Orbit Ion Cannon tools have played a role in orchestrating the incident, most of the power was provided by botnets, as most permanent members of the organization “herd” botnets ranging between 5 and 30,000 infected machines. Botnets are universal tools of trade... A company might also get blackmailed and asked to pay a specific amount of money, or their servers will automatically be flooded with connection requests which it will be unable to answer, causing it to collapse. In the meanwhile, the company loses potential customers and, implicitly, money."Hat-tip to cnm @ spywareinfoforum.com for the link...