Jump to content


Fake Java Update uses your PC in DDoS Offensive

  • Please log in to reply
No replies to this topic

#1 cnm


    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 21 July 2011 - 10:10 AM

"Backdoor.IRCBot.ADEQ is a Trojan disguised as a Java update. It is extremely “contagious”, as it can be downloaded from a multitude of locations, most of them being legit websites that have been infected by the tool.

The Trojan seems to have a dedicated infection technique for each PC user: the malware can also spread via P2P shared folders, USB drives, Local Area Networks, MSN, or even send itself via e-mail messages, if the system has Outlook Express installed.

"Backdoor.IRCBot.ADEQ uses private messages in order to communicate with its master, who sends the bot an assortment of commands, including the URL of a particular website the malware needs to flood. The crook can also transmit the Trojan precise instructions such as the hour, the exact time frame and the frequency of requests that need to be executed from the compromised PC.

On top of that, the bot proceeds to uninstalling other bots such as Cerberus, Blackshades, CyberGate, or OrgeneraL DDoS Bot Cryptosuite if found injected into winlogon.exe, csrss.exe and services.exe. This is an essential step for the bot to ensure that the user doesn’t suspect any malicious activity on the computer, as well as to ensure that all the other pieces of malware racing for network bandwidth won’t get it.

Plus, the bot also tries to prevent the user from noticing that the Trojan is constantly sending data to the Internet. It successfully adds itself to the list of authorized applications in the Windows Firewall, and tries to kill firewall alerts issued by antivirus solutions when they pop up.
Botnets are universal tools of trade. They are highly-priced instruments that can do practically anything, from generating revenue through advertisement fraud, to providing tremendous amounts of bandwidth in DDoS attacks against governments. In most of the cases, these attacks can only be traced to the victim’s computer.

A company might also get blackmailed and asked to pay a specific amount of money, or their servers will automatically be flooded with connection requests which it will be unable to answer, causing it to collapse. In the meanwhile, the company loses potential customers and, implicitly, money....."

Always get your Java updates directly from Sun and be sure to remove the older versions - they pose a vulnerability even if not used.
Updating Java:
  • Go
    and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here

Member of UNITE
Support SpywareInfo Forum - click the button