Orbit Downloader hacked, turns users into DDoS botsAugust 23, 2013 – 5:03 AM
Denial of service attack capabilities have been found in popular media program Orbit Downloader.
The Windows program integrated into web browsers and was downloaded more than 1.5 million times from website Softpedia and 18,000 times last month alone from rival Softonic. It was still available for download on these sites.
But Eset researchers led by Aryeh Goretsky said the program appeared to have been compromised since late 2008 – infecting users December last year – with a script that turned user machines into zombie nodes for distributed denial of service (DDoS) of service attacks.
“Given the age and the popularity of Orbit Downloader means that the program might be generating gigabits or more of network traffic, making it an effective tool for DDoS attack,” Goretsky said in a post.
“Sometime between the release of version 184.108.40.206 and version 220.127.116.11, an additional component was added to orbitdm.exe, the main executable module for Orbit Downloader.