A new, exceptionally cheap botnet builder called Aldi Bot has surfaced and is for sale online for as little as US $8.
Aldi Bot first appeared in August and is named after the popular supermarket chain, according to a post this week on GData’s SecurityBlog. Its authors initially offered it for €10, but that price was later slashed to €5, or about $8 according to the blog post. Analysis of the bot has found that some of its code looks similar to Zeus’ source code, which leaked and has been available online for months.
The bot’s initial capabilities were carrying out distributed denial of service (DDoS) attacks, using the victim’s PC as a proxy, stealing passwords from Mozilla’s Firefox browser and remotely executing any file. A video allegedly posted by the botnet’s author shows the bot being used to lead a DDoS attack against the Bundeskriminalamt, the German Federal Criminal Police Office.
A recent update to Aldi Bot added a Pidgin password stealer and a JDownloader password stealer.
According to The Register, the botnet’s seller isn’t in it for the money and just wants to offer a “people’s bot” to the public that even the most novice hackers might be lured to purchase.