ESET Finds DDoS Functionality in Orbit Downloader
The security firm says the program could be generating several gigabits of network traffic.
The additional code was added to Orbit Downloader sometime between the release of version 22.214.171.124 on December 25, 2012 and the release of version 126.96.36.199 on January 10, 2013.
ESET identifies versions of Orbit Downloader containing the attack code as Win32/DDoS.Orbiter.A.
"Given the age and the popularity of Orbit Downloader (it is listed as one of the top downloads in its category on several popular software web sites) this means that the program might be generating gigabits (or more) of network traffic, making it an effective tool for Distributed Denial of Service (DDoS) attacks," ESET distinguised researcher Aryeh Goretsky wrote in a blog post.
Following ESET's announcement, several file download sites have removed Orbit Downloader from their listings.