Malware for everyone - Aldi Bot at a discount price
In a blog post, anti-virus vendor G Data reports that a functional botnet builder, dubbed the Aldi Bot, is available on underground forums for just €10. The company says that the Aldi Bot Builder appears to be based on the ZeuS source code. The malware has nothing to do with the discount supermarket chain, and it is not clear why its author chose to name the bot after Aldi – it is thought that the name may relate to the bot's discount pricing.
The Aldi Bot can read saved passwords from the Firefox web browser, the Pidgin IM client and the JDownloader download tool, and send them to a command-and-control server, which is included in the €10 price tag. The Aldi Bot can also carry out Distributed Denial-of-Service (DDoS) attacks, as the bot's author demonstrates with a YouTube video showing an attack on the web site of the German Bundeskriminalamt (equivalent to the UK CID). The bot can also be set up as a SOCKS proxy, so that infected computers can be used as proxies for protocols of the bot herder's choosing. Infecting systems with the discount malware does, however, require additional measures, such as exploit packs on infected web sites.
G Data reports that the basic Aldi Bot is detected by up-to-date anti-virus software. Malware authors often get round this by using special zip protocols or crypt tools. According to G Data, the author of the bot explains the low price of "the people's bot" by saying that he is not interested in money, but only in programming. Despite the low price, the product package even includes IM support, allowing the author to explain bot installation and operation to non-specialists and "script kiddies". G Data expresses concern that botnets could become a mass market item, both as a source of revenue and just for fun.