Orbit Downloader found capable of DDoS activity
Orbit Downloader is an application that lets users download content from the internet faster. In addition, the program can save files that are not normally available for download, such as YouTube or Vimeo videos, to the user's HDD. However, using Orbit Downloader has a downside too. Security experts at ESET have found that the program has a remotely updated distributed denial-of-service attack capability.
The malicious activity of the program was discovered in May 2013, during a routine check of the software conducted by ESET. As a result of the dangerous findings, security experts recommend removing Orbit Downloader. Aryeh Goretsky explained to us how the malicious feature works. According to him, Orbit Downloader, in addition to the usual download manager capabilities, can take over the PC's network connection and use it for its own purposes. Once the program has control of the network connection, blasts of data can be delivered to targeted computers.
If this type of attack is conducted by a single device, it is called denial-of-service. When the number of computers performing this kind of action is vast, e.g. thousands or tens of thousands, it is called distributed denial-of-service.
ESET reported that two different types of attack were registered. One of them is a DDoS attack that security experts call a SYN flood. It delivers a large number of SYN requests to a targeted device in order to disrupt the system's work and make it unresponsive. The other reported attack involved TCP packets containing HTTP connection requests. While the latter attack is being performed, the user's network connection becomes very slow. Goretsky was quick to add that Orbit Downloader is not used as an attack tool every single time the program is launched.
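A workstation taking part in the SYN attack described above stands out at the network egress: it sends many bare SYNs to one destination and almost never continues the connection. The following sketch is an added example, not code from ESET or from the original article; the record format, the thresholds and the function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def make_sample():
    """Constructed egress records: 'epoch_seconds src dst dport tcp_flags'."""
    lines = []
    for i in range(20):  # 10.0.0.5: ordinary browsing, handshakes complete
        lines.append(f"{1000 + i} 10.0.0.5 198.51.100.7 443 S")
        lines.append(f"{1000 + i} 10.0.0.5 198.51.100.7 443 A")
    for i in range(300):  # 10.0.0.9: 300 bare SYNs in 3 seconds, no follow-up
        lines.append(f"{1000 + i // 100} 10.0.0.9 203.0.113.20 80 S")
    for i in range(150):  # 10.0.0.7: busy but legitimate, every SYN is followed up
        lines.append("1005 10.0.0.7 198.51.100.9 443 S")
        lines.append("1005 10.0.0.7 198.51.100.9 443 PA")
    return lines

def find_syn_flooders(lines, window=10, min_syns=100, max_completion=0.1):
    """Return sorted (src, dst, dport, peak_syns) for flows that send many
    SYNs in one time window while almost never continuing the connection."""
    buckets = defaultdict(lambda: [0, 0])  # (flow, window) -> [syns, acks]
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, dport, flags = parts
        try:
            key = (src, dst, int(dport), int(float(ts)) // window)
        except ValueError:
            continue  # non-numeric port or timestamp
        if flags == "S":
            buckets[key][0] += 1          # connection attempt
        elif "A" in flags and "S" not in flags:
            buckets[key][1] += 1          # client continued past the handshake
    hits = {}
    for (src, dst, dport, _), (syns, acks) in buckets.items():
        if syns >= min_syns and acks / syns <= max_completion:
            flow = (src, dst, dport)
            hits[flow] = max(hits.get(flow, 0), syns)
    return sorted(flow + (n,) for flow, n in hits.items())

if __name__ == "__main__":
    for src, dst, dport, n in find_syn_flooders(make_sample()):
        print(f"{src} -> {dst}:{dport} sent {n} uncompleted SYNs in one window")
```

Because the article notes that the attack does not run every time the program is launched, a check like this is only meaningful when applied continuously to egress traffic rather than as a one-off capture.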
Goretsky also stated that Orbit Downloader was updated not long ago. The updates enabled the program to be more specific about the number of computers conducting the attack. However, the reasons why this improvement was made are still unclear.
Various targets were attacked using Orbit Downloader. The ESET research team investigated the attacks aimed at the KKK website and some Vietnamese domains. According to Goretsky, the strategy adopted by the developers of Orbit Downloader is unique. The ESET expert has many times encountered applications that were affected unintentionally or used maliciously, but he rarely discovers programs with attack code added into them, not to mention the fact that the software is being constantly updated.
The ESET research team has discovered that Orbit Downloader is not a malicious program from the very start. The DDoS functionality is acquired only when the program is updated, because only then is an attack module downloaded and installed. The malicious code is provided by the developer's website. After that, users might notice that the program's behavior has changed. Furthermore, it will continue to update its malicious module.
Unfortunately, Orbit Downloader could become even more dangerous with some additional programming. According to Goretsky, the code of this program could easily be manipulated to convert the application into ransomware or adware. In fact, Orbit Downloader could be modified to become any type of malware. Although this software was developed a while ago, the malicious capabilities were not discovered until this year. Goretsky gave assurance that ESET will continue to monitor the activities associated with Orbit Downloader. Moreover, the company is planning an investigation into other programs developed by Innoshock, the company behind the Orbit Downloader app.
Goretsky also noted that ESET has yet to receive any answers from Innoshock concerning the malicious activities of Orbit Downloader.