International Research Team Crippled PushDo Botnet
An international research team comprising PhD students and professors at Germany's Ruhr-University Bochum and the University of California, Santa Barbara, has managed to deactivate a botnet as a by-product of their research.
The team was undertaking a joint research project analyzing spam distribution. Part of this project involved running many honeypots (deliberately exposed machines placed online to attract and record malware) and looking for matches or patterns in the collected data.
The research team matched some of the malware discovered against the free databases managed by Anubis (a tool for analyzing malware). The team was able to identify 30 C&C servers (command and control servers) used by the PushDo botnet responsible for sending spam in large volumes.
These command and control servers were knocked offline, which prevented the infected systems from connecting to their control hubs for instructions.
According to the security firm M86 Security, this resulted in a remarkable decline in the total volume of spam delivered by the botnet, also known as Cutwail.
Spam expert Phil Hay at M86 suggested that a note of caution should be sounded, as reported by SCMagazine on August 27, 2010. He further added that past experience has shown such botnet takedowns to be short-lived. The people behind the botnet are not discouraged by the disabling of the control servers, and it is believed that they will soon be back with new bots and new control servers to continue their spamming.
As per the news published by V3.co.uk on August 28, 2010, Thorsten Holz (Assistant Professor) explained that the Pushdo botnet had a long history, with some analyses tracing its origins to 2007.
The professor added that this piece of malware works as a dropper: it downloads additional components which then perform different tasks, such as the Cutwail component, which distributes spam mails.
In addition, the security experts mentioned that the botnet is known for spam that deceives the recipient into installing malware, and that it is also adept at hiding itself from intrusion-prevention systems. Over the years its output has varied, with estimates as high as 20% of the world's spam at some point.
The Pushdo botnet was also notable for various other technical feats, including the ability to break into Microsoft Live by defeating its audio CAPTCHAs.
SPAMfighter News - 31-08-2010