System Infected: Aldi Bot Activity 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Aldi Bot activity over the network.

Additional Information

Aldi Bot connects to an HTTP command-and-control server, uploads stolen information, and performs denial-of-service attacks. Attack types include:
* StartHTTP: starts an HTTP DDoS attack
* StartTCP: starts a TCP DDoS attack
* StopHTTPDDoS: stops an HTTP DDoS attack
* StopTCPDDoS: stops a TCP DDoS attack
* StopDDoS: apparently stops all DDoS attacks
* DownloadEx: downloads and executes other code (malware)
* CreateSocks: creates a SOCKS5 proxy
* StealData: triggers password-stealing functionality
* Update: updates the bot

Affected

  • Windows

Response

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.