Pushdo Malware and Cutwail Botnet are Back

Technology firms and law enforcement have taken down the prolific Pushdo/Cutwail spam botnet four times since 2008, yet it keeps coming back, security researchers said, as reported by threatpost.com on May 15, 2013.

In early March 2013, researchers at Dell SecureWorks, the Georgia Institute of Technology and Damballa Labs found a new variant of the malware that had adopted a domain generation algorithm (DGA), both to evade identification by researchers and to make its command-and-control infrastructure more resilient to takedown.

Cutwail has been one of the largest spam botnets, enlisting millions of infected computers that have sent billions of spam messages over the years. The Cutwail spam engine is installed on infected machines by the Pushdo dropper Trojan.

The team that studied the algorithm noted that it can generate 1,380 unique domains per day. The new DGA works much like the backup command-and-control (C&C) techniques used by other criminal groups, including the authors of the notorious Zeus malware family.

Besides the DGA, the new variant also sends requests to legitimate websites, such as those of universities and ISPs, so that its C&C traffic blends in with ordinary web traffic and confuses sandbox-based analysis.

The researchers added that the DGA capability lets Pushdo, which can be used to drop other malware as well, hide itself further.

Most of the recent infections are in Mexico, India and Iran, but other countries, including the United States, have also been hit. The researchers found several US government contractor and military networks infected with malware that uses the new DGA.

The new Pushdo Trojan accounts for more than one million unique IP addresses and is growing by about 35,000 unique IPs per day, the researchers found.

The DGA is a fallback mechanism, used only if the malware on an infected system fails to reach its primary C&C server. For defenders this matters: under normal conditions only the primary C&C traffic is visible, and the burst of lookups for algorithmically generated names, most of which fail with NXDOMAIN because, as with DGAs in general, only a few of the candidate domains are ever registered, appears only once the primary channel has been blocked or taken down.
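The two behaviours described above, a date-seeded list of candidate domains tried only after the primary C&C fails, and the NXDOMAIN storm that gives such fallback away, as an added example. This is not code from the article or from Pushdo: the generator is a generic, hypothetical DGA (its secret, TLD list and label construction are assumptions; only the 1,380-per-day figure comes from the article), and the DNS log lines, host addresses and domain names are constructed for the demo.

```python
"""Illustrative time-seeded DGA, fallback order, and a DNS-log detector.

Added example, not code from the original article or from Pushdo itself:
the generator below is a generic, hypothetical DGA, and the DNS log lines
and hosts are constructed for the demo.
"""
import hashlib
import math
from collections import defaultdict
from datetime import date
from typing import Callable, Dict, Iterable, Iterator, List, Optional, Tuple

# Assumptions for the hypothetical DGA: a fixed shared secret, a short TLD
# list, and the article's figure of 1,380 candidate domains per day.
DGA_SECRET = b"hypothetical-seed"
DGA_TLDS = ("com", "net", "org", "info")
DOMAINS_PER_DAY = 1380
DEMO_DAY = date(2013, 5, 15)   # constructed date for the sample log
PRIMARY_C2 = "primary-c2.example"  # hypothetical primary C&C host name


def generate_domains(day: date, count: int = DOMAINS_PER_DAY) -> List[str]:
    """Derive `count` candidate C&C domains for one calendar day.

    Each label comes from SHA-256 over (secret, date, index), so bot and
    operator agree on the list with no network contact. This mimics the
    general shape of a date-seeded DGA, not Pushdo's real algorithm.
    """
    out = []
    for i in range(count):
        seed = DGA_SECRET + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(seed).digest()
        length = 12 + digest[0] % 6                      # labels of 12..17 chars
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        out.append(f"{label}.{DGA_TLDS[digest[-1] % len(DGA_TLDS)]}")
    return out


def locate_c2(day: date, resolve: Callable[[str], Optional[str]]) -> Optional[str]:
    """Fallback order from the article: primary C&C first, DGA only on failure.

    `resolve(name)` returns an IP string or None. A real bot would also
    validate the server it reaches; that step is omitted here.
    """
    if resolve(PRIMARY_C2):
        return PRIMARY_C2
    for name in generate_domains(day):
        if resolve(name):
            return name
    return None


def shannon_entropy(s: str) -> float:
    """Character entropy in bits; random-looking labels score high."""
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_dns_log(lines: Iterable[str]) -> Iterator[Tuple[str, str, str]]:
    """Parse constructed 'src=<ip> qname=<name> rcode=<code>' records."""
    for line in lines:
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if {"src", "qname", "rcode"} <= fields.keys():
            yield fields["src"], fields["qname"].rstrip(".").lower(), fields["rcode"]


def flag_dga_hosts(lines: Iterable[str], min_nxdomain: int = 20,
                   min_entropy: float = 2.8) -> Dict[str, Dict[str, float]]:
    """Return hosts whose failed lookups look like DGA fallback traffic.

    Heuristic: many NXDOMAIN answers for distinct names whose second-level
    label has high character entropy. Ordinary typos rarely produce both.
    """
    nx: Dict[str, set] = defaultdict(set)
    for src, qname, rcode in parse_dns_log(lines):
        if rcode == "NXDOMAIN":
            nx[src].add(qname)
    flagged: Dict[str, Dict[str, float]] = {}
    for src, names in nx.items():
        labels = [n.split(".")[-2] for n in names if "." in n]
        if len(names) < min_nxdomain or not labels:
            continue
        mean_ent = sum(map(shannon_entropy, labels)) / len(labels)
        if mean_ent >= min_entropy:
            flagged[src] = {"nxdomain": len(names), "mean_entropy": round(mean_ent, 2)}
    return flagged


def sample_dns_log(day: date) -> List[str]:
    """Constructed DNS log: one bot in DGA fallback, one host with a few typos."""
    lines = [f"src=10.0.0.5 qname={d} rcode=NXDOMAIN" for d in generate_domains(day)[:40]]
    lines += [
        "src=10.0.0.5 qname=www.university.example rcode=NOERROR",  # legit-site blending
        "src=10.0.0.7 qname=gogle.com rcode=NXDOMAIN",
        "src=10.0.0.7 qname=facebok.com rcode=NXDOMAIN",
        "src=10.0.0.7 qname=www.example.com rcode=NOERROR",
    ]
    return lines


if __name__ == "__main__":
    print(generate_domains(DEMO_DAY)[:3])
    print(flag_dga_hosts(sample_dns_log(DEMO_DAY)))
```

The detector only triggers on the combination of volume and randomness, which is why the host with two typo lookups is not flagged while the bot that walked 40 candidate domains is; in a real deployment the thresholds would be tuned against the site's baseline NXDOMAIN rate, and the legitimate-site requests the article mentions would not help the bot here, since those resolve with NOERROR and are ignored.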

"This is an extremely smart method to overpower standard network signature and sandboxing machines that basically block the network communication seen during the dynamic analysis of the malicious binary," the researchers said, as reported by crn.com on May 15, 2013.

» SPAMfighter News - 5/21/2013
