New tool for controlling bot infected computers
A detection of the LdPinch Trojan was the clue that led PandaLabs to discover a new server hosting a previously undiscovered tool for controlling botnets.
This tool displays two screens. The first of these shows the number of computers controlled by the “bot herder’ in each area. The second, called “Botnet controller’, enables a series of actions to be taken on infected computers. These include downloading and running files or blocking access to URLs. It also allows the bot herder to upload files to an FTP site, before downloading them onto infected computers.
“This option means an attacker can download all types of malware onto computers. A version of the LdPinch Trojan, which steals confidential information, put us on the trail. When we were investigating the server to which stolen data was sent, we discovered that this computer also hosted this tool,” explains Luis Corrons, technical director of PandaLabs. “In fact we suspect the Trojan was installed using this malicious application”.