Stuart Gentle Publisher at Onrec

PandaLabs discovers a new tool for controlling computers infected with bots

A detection of the LdPinch Trojan was the clue that led PandaLabs to discover a new server hosting a previously undiscovered tool for controlling botnets.

This tool displays two screens. The first of these shows the number of computers controlled by the ‘bot herder’ in each area. The second, called ‘Botnet controller’, enables a series of actions to be taken on infected computers. These include downloading and running files or blocking access to URLs. It also allows the bot herder to upload files to an FTP site, before downloading them onto infected computers.

“This option means an attacker can download all types of malware onto computers. A version of the LdPinch Trojan, which steals confidential information, put us on the trail. When we were investigating the server to which stolen data was sent, we discovered that this computer also hosted this tool,” explains Luis Corrons, technical director of PandaLabs. “In fact we suspect the Trojan was installed using this malicious application”.

Bots are programs that are installed on computers to take a series of actions automatically: sending spam, downloading other malware, etc, turning compromised computers into ‘zombies’. Normally, cyber-crooks try to infect as many computers as possible with bots to create botnets.

Botnets have become an important business model for criminals. There is even an underground market for renting botnets in order to send spam or carry out other malicious activity.

In recent months, PandaLabs has discovered several tools for controlling botnets, such as Zunker. There are even bots with their own administration tool, such as Barracuda.A, which managed to infect more than 15,000 computers.

All users that want to know whether their computers have been attacked by this or other malicious code can use TotalScan or NanoScan beta, the free, online solutions available at: http://www.infectedornot.com.