Attention Botnet Shoppers

Thursday, September 22, 2011 @ 04:09 PM gHale


It doesn’t get any easier: Buy the discounted botnet, input the C&C server name and you are configured and ready to attack.

A functional botnet builder, called Aldi Bot, is available on underground forums for $13.50 (€10), said anti-virus vendor G Data. The company said the Aldi Bot Builder appears to work off the ZeuS source code. The malware has nothing to do with the discount supermarket chain and it is not clear why its author chose to name the bot after Aldi, although it may relate to the bot’s discount pricing.

The Aldi Bot can read (saved) passwords from the Firefox web browser, Pidgin IM client and JDownloader download tool, and send them to a command and control server which is included in the low, low discount price tag. The Aldi Bot can also carry out Distributed Denial-of-Service (DDoS) attacks, as the bot’s author demonstrated with a YouTube video showing an attack on the German Bundeskriminalamt web site.

The bot can also be set up as a SOCKS proxy to use infected computers as proxies for protocols of the bot herder’s choosing. Infecting systems with the discount malware does, however, require additional measures, such as exploit packs on infected web sites.

G Data reports up-to-date anti-virus software will detect the basic Aldi Bot. Malware authors often get around this by using special zip protocols or crypt tools.

The author of the bot explains the low price of “the people’s bot” by saying that he is not interested in money, but only in programming, G Data researchers said. Despite the low price, the product package even includes IM support, allowing the author to explain bot installation and operation to non-specialists and “script kiddies.”


