Posts Tagged ‘DDoS’

Microsoft: Nitol botnet is distributed with a downloadable file that contains the DLL module

Microsoft has analyzed the source code of the Nitol botnet, whose operation was recently stopped in “Operation b70”. Recall that during the operation, employees uncovered a scheme in which the attackers spread the virus as early as the computer production stage, so that some buyers in China purchased equipment with the botnet client already installed.

Expert analysis indicated that the Nitol family of viruses is probably part of the general class of DDoS tools. Many variants of this virus contain elements copied from other malicious programs used to organize distributed denial-of-service attacks.

Most of the Nitol modifications detected in the study have two main components: an executable loader and a library component. When run on a system, the loader installs the DLL, in most cases extracting it from its own resources, and registers it as a service or driver. Some library modules run immediately after installation, when the executable calls the DLL's main function, and some run only after a reboot.