PushDo Trojan Appears in Fresh Version, Says BitDefender

BitDefender recently detected one new variant of PushDo Trojan that uses a different encryption key during exchanging messages among the infected PCs of the botnet alternatively while communicating with the malware's C&C server, published softpedia.com, July 16, 2014.

While authors of PushDo developed several variants, BitDefender's security investigators have just discovered one fresh strain, which though uses the previous communication protocol, however, utilizes new keys for public/private encoding.

There's one more modification in the new PushDo variant i.e. it has one encrypted overlay in connection with the Trojan's binaries for certain validation. BitDefender's investigators elaborate this as the necessary requirements mentioned within the overlay which must be complied with otherwise the variant won't work properly. Softpedia.com published this.

Apparently, each-and-every domain-name generated via an in-built DGA (domain generation algorithm) currently has approximately a hundred clean entries. All details related to the actual C&C (command-and control) infrastructure is hidden with this DGA, thus it becomes harder for disrupting the botnet.

Further, the PushDo authors are presently using one new DGA whose main structure though remains the same the domain-names it issues appear quite different, states BitDefender.

The security company sinkholed one such domain-name following which it was able in getting 8,840 queries associated with 2,336 distinct Internet Protocol address within not even three full hours.

Of the ten nation-states that were most affected with PushDo's latest variant were USA, Indonesia, India and Vietnam, where almost 600 contaminations were spotted.

The PC-Trojan, since its first appearance during 2007, is being repeatedly utilized for planting the SpyEye or ZeuS financial malware through spam.

As per BitDefender Labs' Senior E-Threat Analyst Bogdan Botezatu, cyber-criminals seemed as maintaining their efforts towards making the PushDo botnet up-to-date, but had not still distributed any fresh malicious program through Cutwail the spamming module of the botnet. SCMagazine.com published this, July 16, 2014.

Botezatu further said that PCs having the latest PushDo sample weren't thrusting anything yet, however, were attempting at making every client assign with the sample. According to estimations, PushDo infections hit 1.5m PCs globally and BitDefender anticipated all those PCs would get updated to PushDo's newest variant, he finished off.

» SPAMfighter News - 7/29/2014