Pushdo botnet spams malware analysis site, researchers find

Saboteurs behind the Pushdo botnet are sending spam to a website meant to educate users on malware, researchers have found.

Blue Coat Systems researchers Chris Larsen and Jeff Doty co-authored a blog post on Wednesday, which detailed how the site, PracticalMalwareAnalysis.com, was being targeted with Pushdo-related spam.

Since the malware appeared in 2007, Pushdo has been repeatedly used to deliver data-stealing Trojans, such as Zeus and SpyEye, via its spamming module Cutwail. In this instance, the Pushdo botnet causes infected computers to spam out emails containing the Trojan Zeus, researchers found.

PracticalMalwareAnalysis.com was set up to market a book of the same name written by Michael Sikorski and Andrew Honig. The book is meant to provide readers with a “hands-on guide to dissecting malicious software”.

In addition to spreading Zeus, Pushdo operators coded the malware so that infected computers running a malware monitoring tool called FakeNet – which the authors of 'Practical Malware Analysis' created and released with the book – spam the companion site with emails. FakeNet allows analysts to create a 'fake' network capable of tracking malware.

In a follow-up email with SCMagazine.com on Thursday, Doty wrote that he saw a spike in Pushdo infections on 26th August, which likely means a spam campaign was active that day to spread the malware. As of Wednesday afternoon, however, users were still downloading the malware, he said.

“After it compromises your machine, it starts to send out spam to all sorts of people,” Doty wrote of Pushdo. “That spam contains an attachment that is a Zeus payload.”

[An earlier version of this story incorrectly stated that Pushdo attackers compromised the Practical Malware Analysis website, when instead, the botnet was used to spam the site.]