
PushDo Trojan Appears in Fresh Version, Says BitDefender

BitDefender recently detected a new variant of the PushDo Trojan that uses a different encryption key when exchanging messages among the botnet's infected PCs, or when communicating with the malware's C&C server, softpedia.com reported on July 16, 2014.

While the authors of PushDo have developed several variants, BitDefender's security investigators have just discovered a fresh strain that keeps the previous communication protocol but uses new public/private encryption keys.

There is one more modification in the new PushDo variant: an encrypted overlay attached to the Trojan's binaries that is used for certain validation checks. BitDefender's investigators explain that the overlay lists requirements that must be met, otherwise the variant won't work properly, softpedia.com reported.

Apparently, every domain name generated by the built-in DGA (domain generation algorithm) currently has approximately a hundred clean entries. All details of the actual C&C (command-and-control) infrastructure are hidden by this DGA, which makes the botnet harder to disrupt.

Further, the PushDo authors are now using a new DGA whose main structure remains the same, though the domain names it produces look quite different, states BitDefender.

The security company sinkholed one such domain name and then received 8,840 queries associated with 2,336 distinct Internet Protocol addresses in less than three full hours.

The ten countries most affected by PushDo's latest variant included the USA, Indonesia, India and Vietnam, where almost 600 infections were spotted.

Since its first appearance in 2007, the Trojan has repeatedly been used to plant the SpyEye or ZeuS financial malware through spam.

According to BitDefender Labs' Senior E-Threat Analyst Bogdan Botezatu, cyber-criminals appeared to be continuing their efforts to keep the PushDo botnet up to date, but had not yet distributed any fresh malicious program through Cutwail, the botnet's spamming module, SCMagazine.com reported on July 16, 2014.

Botezatu further said that PCs carrying the latest PushDo sample weren't pushing anything yet, but were trying to bring every client onto the sample. According to estimates, PushDo infections hit 1.5m PCs globally, and BitDefender anticipated that all those PCs would be updated to PushDo's newest variant, he concluded.

» SPAMfighter News - 7/29/2014
