Orbit Downloader (download manager) contains malware, says anti-virus company


Do you use Orbit Downloader, a popular download manager for Windows? Then you should uninstall it right now because, according to ESET (the makers of NOD32 anti-virus), Orbit Downloader contains malware.

More specifically, ESET alleges Orbit Downloader contains code that is used to perform DDoS (distributed denial-of-service) attacks. After installation, Orbit Downloader downloads a DLL file from Orbit Downloader’s website. This DLL file is then used to perform these DDoS attacks:

“Given the age and the popularity of Orbit Downloader (it is listed as one of the top downloads in its category on several popular software web sites) this means that the program might be generating gigabits (or more) of network traffic, making it an effective tool for Distributed Denial of Service (DDoS) attacks. On a test computer in our lab with a gigabit Ethernet port, HTTP connection requests were sent at a rate of about 140,000 packets per second, with falsified source addresses largely appearing to come from IP ranges allocated to Vietnam.”

It should be noted the malware was specifically identified as being used to conduct DDoS attacks. A DDoS attack is something that targets other computers and servers, so it shouldn’t affect your computer or files per se. However, it is still something you don’t want on your computer.

ESET is quick to point out it isn’t clear how often, if at all, this DDoS capability of Orbit Downloader was used and what the targets are. Furthermore, it isn’t clear if this DDoS capability was added intentionally by the developer of Orbit Downloader or someone hacked the program and threw it in there. The developer of Orbit Downloader, Innoshock, has so far not responded to these claims, which adds suspicion that they may have done this on purpose. However, it is said the DDoS functionality of Orbit Downloader was added sometime between December 25, 2012 (version 4.1.1.14) and January 10, 2013 (version 4.1.1.15); since Orbit Downloader has been around since 2006, it is possible that Orbit Downloader was hacked by a third party and DDoS components were distributed without the developer’s knowledge.

We will only learn more once (if) Innoshock responds. Until then, we highly recommend you remove Orbit Downloader from your computer if you have it installed.

Hit up the ESET via link below to learn more, if you are interested.

[Thanks BearPup, WildCat | via ESET, SoftwareCrew]

 


7 comments

  1. MechaNic

    I have Orbit v.4.1.18
    Through Anvir taskmanager I observed outgoing Internet traffic starting, each time I start Orbit. This traffic continues until I close Orbit. Now I understand why. I’ll remove the program immediately.

  2. Mr.Dave

    It would be nice if ESET or someone else would identify the specific DLL file mentioned and whether any special un-install steps are needed. I’m hoping Revo Uninstaller gets it. I see I have Orbit Downloader installed on my system, but there’s no sign of it in Firefox. Does it only work with Chrome or IE?

  3. Mags

    This isn’t the first time that something like this has happened and probably won’t be the last.

    Back in 2002, when I was first learning HTML, there was a highly recommended Free WYSIWYG editor. The SW was recommended by many, including HP as one of the best out there.

    Naturally I installed and used it. Eventually I started to realize that things just were not right on my PC, yet my AV (at that time AVG, and the reason why I refuse to use AVG now) didn’t find anything. I finally did an online scan and it found the virus. Needless to say it was also around the time that many others had found the virus.

    It should also be noted that the SW was a great HTML editor but because of the fact that the developers purposely added a virus to it the company is no longer in business.

    This could also happen to Orbit if they have done the same thing. From what you mentioned above, it does seem like they have.

  4. Dr. Sheldon Cooper

    Per Softpedia:
    “At least a couple of threads covering this topic have been created on the official Orbit Downloader forum, but so far there’s no response from the developer.

    Until the issue is sorted, Orbit Downloader is no longer available for download from Softpedia. ESET products have been updated to detect (Win32/DDoS.Orbiter.A) and neutralize the malicious version of the app.”

    It’s good to see that they’re on the ball. If you look at Orbit’s forums, there’s a lot of spam posts which gives you the idea that they hardly moderate it. That’s not what one wants to see for such a highly distributed program.

  5. Dr. Sheldon Cooper

    Softpedia had the story yesterday:

    http://news.softpedia.com/news/Orbit-Downloader-Contains-DDOS-Component-ESET-Warns-377662.shtml

    and according to their page description, it’s been downloaded almost 1.5 million times! Add that to the downloads from Majorgeeks, Fileforum, Afterdawn, Cnet, Filehippo, Videohelp, Orbit’s own site and who knows how many others, and that’s quite a lot of computers that may have open ports to Vietnam!

    There’s a warning on Videohelp.com from March describing some adware it installs.

    http://www.videohelp.com/tools/Orbit-Downloader

  6. JonE

    Thank you Ashraf; very informative.

    Wikipedia also annotates this behavior.

    A quick check on the “Orbit Downloader” download page shows thirty five “Orbit Downloader Awards”, none of them linked, two of them from “Softpedia”. But, to “Softpedia’s” credit, after a thorough search it appears that “Softpedia” has removed “Orbit Downloader” from its listings.

    Great article Ashraf; thanks for the info.