0 Replies Latest reply on Aug 23, 2013 2:21 PM by Hayton

    Warning about Orbit Downloader

    Hayton

      I just posted this warning on the download site's Comments page but it deserves a wider audience.

       

      Two issues, one known about for some time and one recent.


      First, the download comes bundled with adware including OpenCandy and with other junkware. CNET no longer recommends it to users:

      "Orbit Downloader makes it easy to download lots of files, but it's not really worth all of the junkware it packages with it. There are almost a half-dozen different programs and toolbars this download will try to add. Even the program, itself, is riddled with ads for other programs you don't want. The small boost in features isn't enough to justify this download.


      This program throws more junk programs at you during the install than you could ever count. Even if you opt out of all of them, one or two will still randomly start installing themselves in the middle of the download."


      Second, researchers at ESET investigating the miscellaneous junk that comes in the bundle discovered that since Version 4.1.1.14 (December 2012) or even before - perhaps as far back as 4.1.1.5 - this program has been downloading, from the official website (orbitdownloader.com), a rogue DLL that has DDoS capability and an encrypted configuration file containing a list of websites and IP addresses to serve as targets for attacks. Once installed, the program acts like malware and begins to send large quantities of network traffic to the IP addresses in the configuration file. The effect is to cripple internet access for other running programs.


      ESET now detects the rogue component as a Trojan and the other AV vendors will certainly follow suit.


      The website cannot be said to be Safe in the light of this information, and the download should certainly be flagged as Dangerous.

       

       

      The news about this has been around for a couple of weeks but it has only now been reported in the sources that I get to read. For the story see (among others)

       

      http://www.computerworld.com/s/article/9241823/Popular_download_management_program_has_hidden_DDoS_component_researchers_say?taxonomyId=18&pageNumber=1

       

      http://download.cnet.com/Orbit-Downloader/3000-2071_4-10600926.html  - read the comments. The DDoS traffic was noted as far back as the end of May and at least one AV product detected a Trojan in mid-June.

       

      The Wikipedia entry has been updated to include it - http://en.wikipedia.org/wiki/Orbit_Downloader