DDoS bot masquerades as Java update

An especially virulent Trojan variant with DDoS capabilities has been spotted masquerading as a regular Java update and is being served from both legitimate and malicious sites, says BitDefender’s Loredana Botezatu.

The Trojan uses a number of infection techniques to ensure that it spreads far and wide: it can spread via USB drives, LANs, P2P networks and MSN, and can even send itself via email if Outlook Express is present on the computer.

Botezatu says that this particular Trojan is likely being used by bot herders who offer the services of their botnets in exchange for money.

In order to keep the victims from suspecting that their computer is infected, it uninstalls other bots (Cerberus, Blackshades, CyberGate, or OrgeneraL DDoS Bot Cryptosuite) if it finds them on the targeted computer.

It also adds itself to the list of authorized applications in the Windows Firewall so as not to trigger it, and tries to kill alerts issued by antivirus solutions (if present).

Communication between the bot and its master is carried out via private messages. The bot master can schedule the Trojan's activity by sending instructions detailing the hour and intensity of the attack and the targeted URL.