Researchers at German security firm G Data have discovered that a bot
builder dubbed "Aldi Bot" is currently being offered for €10 on
underground forums. The Aldi Bot Builder appears to be based on the
ZeuS source code. The malware has nothing to do with the discount
supermarket chain and it is not clear why its author chose to name the
bot after Aldi – it is thought it may relate to the bot's discount
pricing.
The company says: "We’ve encountered a bot sale, which, in case it finds
followers, can cause a massive glut of malware all over. The so-called
“Aldi Bot” first appeared in late August and has been sold for the
initial price of €10! Parts of the bot’s code oddly look like ZeuS
code…"

The Aldi Bot can read (saved) passwords from the Firefox web browser,
Pidgin IM client and JDownloader download tool, and send them to a
command and control server which is included in the €10 price tag. The
Aldi Bot can also carry out Distributed Denial-of-Service (DDoS)
attacks, as the bot's author demonstrates with a YouTube video showing
an attack on the German Bundeskriminalamt (equivalent to the UK CID)
web site. The bot can also be set up as a SOCKS proxy to use infected
computers as proxies for protocols of the bot herder's choosing.
Infecting systems with the discount malware does, however, require
additional measures, such as exploit packs on infected web sites.