Orbit Downloader by Innoshock is a popular file downloading add-on for web browsers, used not only to speed up
the transfer of files over the Internet but also for its ability to download embedded videos from popular streaming
video sites like YouTube.
Orbit Downloader has been around since at least 2006, and like many programs these days, is available for free. The
developer, Innoshock, generates its revenue from bundled offers, such as OpenCandy, which is used to install third-party
software as well as to display advertisements in order to generate revenue.
This type of advertising arrangement is normal behavior these days and one of the things that ESET’s researchers regularly
look at when determining whether or not a program is to be classified as a Potentially Unwanted Application (PUA). While
that process is likewise fairly routine for ESET’s researchers, it is one which requires careful examination because the
reasons for which programs may be classified as a PUA vary on a case-by-case basis.
Criminals understand that computer users want to download files and streamed videos and have already begun to take advantage
of the situation, as computer security researcher Graham Cluley noted in a post on his blog, “Is that YouTube Video Downloader
browser plugin safe? Beware!“
What is unusual, though, is to see a popular utility containing additional code for performing Denial of Service (DoS) attacks,
which is exactly what our threat researchers found during an otherwise routine examination of the Orbit Downloader software package.
Given the age and the popularity of Orbit Downloader (it is listed as one of the top downloads in its category on several popular
software web sites) this means that the program might be generating gigabits (or more) of network traffic, making it an effective
tool for Distributed Denial of Service (DDoS) attacks. ESET identifies versions of Orbit Downloader containing this attack code
as Win32/DDoS.Orbiter.A.
Popular file download sites BetaNews, DownloadCrew, Softpedia,Majorgeeks and Softonic have all removed Orbit Downloader from their sites
Orbital Decay: the dark side of a popular file downloading tool
http://www.welivesecurity.com/2013/08/21/orbital-decay-the-dark-side-of-a-popular-file-downloading-tool/
thanks
James
:)
edit: for link to story