‘PushDo’ Botnet Targets Government & Security Websites
Shadow Server, a security watchdog group, has discovered that PushDo, a massive botnet, is attacking a large number of websites with denial-of-service assaults. The attacks started in the last week of January 2010 and tried to abuse Secure Sockets Layer (SSL) traffic to knock the sites offline.
SSL is a protocol used to encrypt traffic between computers for activities such as online banking and e-commerce.
Joe Stewart, Director of Malware Research at SecureWorks, states that PushDo is primarily sending communications carrying a bogus SSL header from the bot-infected PCs to the command-and-control server under its own control, as reported by CNet on February 1, 2010.
Stewart adds that the botnet is attempting to conceal its activities slightly better than before. The idea is to make its traffic pass for routine SSL activity.
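As an added illustration from the defender's side (not code from the article or from the researchers it quotes), the following Python checks whether a connection's opening bytes form a well-formed SSL/TLS ClientHello and tallies sources that repeatedly send malformed "SSL" openings of the kind described above; the framing rules, the threshold and the sample flows are assumptions of this example.

```python
# Added example (not from the article): validate the first bytes a client sends
# on an SSL/TLS port and tally sources that keep sending malformed openings.
# Assumes SSLv3/TLS record framing (RFC 5246 section 6.2); SSLv2-style hellos
# are treated as malformed here, which is a simplification of this example.
from collections import Counter

RECORD_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
MAX_RECORD_LEN = 2**14 + 2048  # plaintext limit plus allowed expansion


def is_plausible_client_hello(payload: bytes) -> bool:
    """True only if payload starts with a well-formed TLS ClientHello record."""
    if len(payload) < 9:
        return False
    ctype, ver_major, ver_minor = payload[0], payload[1], payload[2]
    rec_len = int.from_bytes(payload[3:5], "big")
    if ctype != RECORD_HANDSHAKE or ver_major != 0x03 or ver_minor > 0x03:
        return False
    if rec_len == 0 or rec_len > MAX_RECORD_LEN:
        return False
    # Handshake header nested in the record: 1-byte type + 3-byte length.
    hs_type = payload[5]
    hs_len = int.from_bytes(payload[6:9], "big")
    if hs_type != CLIENT_HELLO or hs_len + 4 != rec_len:
        return False
    # A ClientHello body carries at least its own version and a 32-byte random.
    return hs_len >= 34


def tally_bogus_sources(flows, threshold=3):
    """flows: iterable of (src_ip, first_payload_bytes).
    Returns {src_ip: count} for sources at or above the malformed threshold."""
    bad = Counter()
    for src, payload in flows:
        if not is_plausible_client_hello(payload):
            bad[src] += 1
    return {src: n for src, n in bad.items() if n >= threshold}


# Constructed sample input: one genuine-looking ClientHello opening and
# several junk openings that only pretend to be an SSL record.
GOOD = bytes([0x16, 0x03, 0x01, 0x00, 0x2A, 0x01, 0x00, 0x00, 0x26]) + bytes(38)
JUNK = b"\x16\x03\x01\x00\x04GARBAGE!"  # handshake type 'G' is not ClientHello
SAMPLE_FLOWS = [("198.51.100.7", GOOD)] + [("203.0.113.9", JUNK)] * 4

if __name__ == "__main__":
    print(tally_bogus_sources(SAMPLE_FLOWS))  # {'203.0.113.9': 4}
```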
The security researchers state that PushDo has been launching numerous attacks against social networking websites, security blogs and government websites. The targeted websites include Mozilla.org; Twitter.com; the home page of the US Central Intelligence Agency (CIA); and the website of SANS, the security research institute. Nevertheless, these websites do not appear to be suffering significant outages from PushDo.
PushDo was first detected in 2007 and is also known as 'Pandex' and 'Cutwail.' At its peak, PushDo contributed a significant share of total spam traffic.
Explaining how PushDo operates, Stewart stated that the botnet downloaded various malicious trojans onto infected PCs and had been sending spam on behalf of the Cutwail spambot. The network consisted of approximately 300,000 zombies. Located in Eastern Europe, PushDo's operators were also renting the service out to other criminals. The system was typically a pay-per-install mechanism used for distributing password stealers, banking Trojans, search hijackers, and ad clickers, the expert added.
However, Johannes Ullrich, a researcher at SANS, reports in a blog posting that the latest assaults do not seem as successful as before. According to him, the impact is limited partly because the botnet's firepower is spread thinly across a large number of targets, as reported by the Internet Storm Center on February 2, 2010.
» SPAMfighter News - 09-02-2010