Huge Spamming Botnet Pushdo Crippled But Still Active
Pushdo/Cutwail, a notorious botnet known for distributing malware, phishing campaigns and spam, remains a threat even after security researchers and ISPs tried to cripple it by dismantling its command-and-control infrastructure, as reported by SearchSecurity on August 31, 2010.
According to M86 Security, the botnet may reconstitute itself within a few weeks.
Security analysts at LastLine began the takedown effort in the last week of August 2010 by contacting the ISPs hosting the botnet's command-and-control servers.
Around 30 servers at eight hosting firms were found supporting Pushdo. After LastLine spoke to the ISPs, around 20 of those servers were taken offline immediately. Some of the ISPs, however, did not respond.
Thorsten Holz, Senior Threat Analyst at LastLine, commented that, unfortunately, not all ISPs were responsive and hence several command-and-control servers were still online, as reported by SearchSecurity on August 31, 2010.
According to an analysis of the Pushdo botnet by FireEye Inc., the LastLine takedown reduced the botnet's strength, but the criminals behind it were already recovering. FireEye's researchers found active backup command-and-control servers in countries including the United States, Germany, China and Russia. Those servers let the operators rebuild the botnet within days; Pushdo, responsible for up to 10% of global spam, is regaining its grip.
The backup servers are the main concern: as long as they can still reach Pushdo-infected systems, spamming can resume at any time.
Commenting on the issue, Atif Mushtaq (Security Research Engineer at FireEye) said that, unfortunately, the effort to shut down Pushdo suspended its spam for only two days; in fact, backup CnCs protected it this time, as reported by SearchSecurity on August 31, 2010.
Pushdo can also generate random-looking domain names on its own. If the operators register or activate one of those domains, infected machines that look it up can be issued new commands, so the botnet can be re-established even when the known command-and-control servers have been taken down.
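To show why that fallback matters to both operators and defenders, here is an added illustration of a domain-generation algorithm (DGA). It is example code written for this page, not Pushdo's real algorithm, which the article does not describe: the seed constant, the SHA-256 construction, the 12-letter labels, the TLD set, the log format and the sample log lines are all assumptions constructed for the demo. Bot and operator derive the same candidate list independently from the calendar date, so registering any one candidate is enough to regain control; a defender who has recovered the algorithm from a sample can precompute the same list and flag or sinkhole lookups for it.

```python
"""Illustrative DGA fallback: hypothetical scheme, not Pushdo's algorithm."""
from __future__ import annotations

import hashlib
import re
from datetime import date, timedelta

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
TLDS = ("com", "net", "info")            # assumed TLD set
SECRET = b"example-botnet-seed"          # hypothetical per-botnet constant compiled into the bot


def generate_domains(day: date, secret: bytes = SECRET, count: int = 10) -> list[str]:
    """Derive `count` deterministic candidate domains for `day`.

    Anyone holding `secret` (bot, operator, or an analyst who reversed a
    sample) computes exactly the same list in the same order.
    """
    domains = []
    for i in range(count):
        material = secret + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        # 12 digest bytes choose 12 lowercase letters; one more byte picks the TLD.
        label = "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:12])
        tld = TLDS[digest[12] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def bot_select_fallback(day: date, registered: set[str], secret: bytes = SECRET) -> str | None:
    """Bot side: try today's candidates in order and return the first that
    'resolves'. DNS resolution is simulated by membership in `registered`."""
    for domain in generate_domains(day, secret):
        if domain in registered:
            return domain
    return None


def find_dga_hits(log_lines: list[str], day: date, secret: bytes = SECRET,
                  window_days: int = 1) -> list[tuple[str, str]]:
    """Defender side: flag queries for any candidate in a window around `day`
    (clock skew between bots and the analyst makes a one-day margin sensible).
    Returns (client, domain) pairs."""
    watch: set[str] = set()
    for delta in range(-window_days, window_days + 1):
        watch.update(generate_domains(day + timedelta(days=delta), secret))
    hits = []
    for line in log_lines:
        # Constructed log format: "<timestamp> <client> query A <name>"
        m = re.match(r"\S+ (\S+) query A (\S+)$", line)
        if m and m.group(2).lower() in watch:
            hits.append((m.group(1), m.group(2).lower()))
    return hits


DAY = date(2010, 8, 31)
# Constructed scenario: the operator registers the fourth candidate for the day.
OPERATOR_REGISTERED = {generate_domains(DAY)[3]}
# Constructed resolver log lines, not real traffic.
CONSTRUCTED_DNS_LOG = [
    "2010-08-31T10:00:01 192.0.2.10 query A www.example.com",
    f"2010-08-31T10:00:02 192.0.2.10 query A {generate_domains(DAY)[3]}",
    "2010-08-31T10:00:03 192.0.2.11 query A mail.example.org",
]

if __name__ == "__main__":
    print("today's candidates:", generate_domains(DAY))
    print("bot reconnects via:", bot_select_fallback(DAY, OPERATOR_REGISTERED))
    print("flagged queries:", find_dga_hits(CONSTRUCTED_DNS_LOG, DAY))
```

The defensive value follows directly from the determinism: once the seed and algorithm are known, the same `generate_domains` that the operator relies on lets a registrar or ISP pre-register or sinkhole the candidates, which is why taking down only the currently active servers, as described above, bought just a short pause.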
Ed Rowley, Product Manager for M86 Security, said that they would recover anyway and rise again in future, as reported by PCWorld on August 31, 2010.
» SPAMfighter News - 03-09-2010