PushDo Trojan Variant Has New Domain Generation Algorithm


July 16th, 2014, 15:43 GMT · By Ionut Ilascu

PushDo botnet distribution across the globe
Security researchers have detected a fresh version of the PushDo malware component that has changed the encryption keys used for communication across the botnet and with the command and control server.

Malware writers have created several variants of the PushDo Trojan, and researchers at Bitdefender have found a new one that relies on the same communication protocol, but switched to different private and public encryption keys. Full Article 

4 replies

By John Leyden, 17 Jul 2014
A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours.
Indian PCs have been most affected by the outbreak, but systems in the UK, France and the US have also been hit, according to security software firm Bitdefender.
The Romanian firm reckons 77 machines have been infected in the UK via the botnet in the past 24 hours, with more than 11,000 infections reported worldwide in the same period. Other countries that have been heavily affected by the Pushdo variant include Vietnam and Turkey.
Full Article
July 21st, 2014, 15:01 GMT · By Ionut Ilascu

Most Pushdo infections have been recorded in Asia
The size of the Pushdo network of infected computers is much larger than initially expected, as the security firm has seen more than 76,000 machines connecting to domains under its control.

Last week, Romanian security company Bitdefender presented details about a new variant of the Pushdo malware, reporting that the fresh strain came with a changed domain generation algorithm and featured different public and private keys for the encrypted communication with the command and control (C2) server.

According to a new report from Bitdefender, received via email, the number of computers compromised by the malware has been on the rise on a constant basis, with more than 784,000 requests coming from 76,433 unique IP addresses being recorded on Monday, July 21. Full Article 

This botnet is a serious malware that needs to be addressed more seriously. Based on this article, the crooks added an encrypted overlay to the binary file; that alone is enough to bypass security measures and infect one's PC.
July 30th, 2014, 19:33 GMT · By Ionut Ilascu

The Pushdo botnet continues to stay strong as the security company's systems record almost 200,000 unique IP addresses attempting to communicate with the domains of the command and control servers.
Bitdefender purchased domains that have been generated by the DGA (domain generation algorithm) component in Pushdo for sinkholing purposes.

The security firm has seen a constant rise in the number of IP addresses of infected computers trying to connect to the command and control servers of the operators in order to receive instructions.

In the latest report on the matter, the company says that the “research team saw the Pushdo bots calling home from a surprising 183.909 unique IP addresses, spread all over the world.”
Full Article
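The July 21 and July 30 reports above both describe the same measurement technique: the defender registers domains the bot's DGA will generate, points them at a sinkhole, and counts how many distinct IP addresses call home per day (784,000 requests from 76,433 unique IPs, later 183,909 unique IPs). The following Python is an added illustration written for this thread, not Bitdefender's code and not Pushdo's DGA, which none of the linked articles publish. The date-seeded `toy_dga`, the `.example` TLD, the seed string and the log lines are all constructed assumptions; the log format is a standard Apache combined log with the virtual host prepended, and the IPs come from documentation ranges.

```python
import hashlib
import re
from datetime import date, datetime, timedelta
from typing import Dict, Iterable, List, Set

# --- 1. Predicting the rendezvous domains -------------------------------
# A deliberately simple date-seeded DGA used only to illustrate the idea.
# It is NOT Pushdo's algorithm (the thread never publishes that); a real
# sinkholing effort starts by reverse-engineering the bot's own DGA.
def toy_dga(day: date, seed: str = "hypothetical-seed",
            count: int = 5, tld: str = ".example") -> List[str]:
    """Return `count` domains the (toy) bot would try on `day`."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).hexdigest()
        domains.append(digest[:12] + tld)   # 12 hex chars form a valid DNS label
    return domains

def domains_for_window(start: date, days: int) -> Set[str]:
    """All domains a defender would have to register to cover `days` days."""
    out: Set[str] = set()
    for n in range(days):
        out.update(toy_dga(start + timedelta(days=n)))
    return out

# --- 2. Measuring the botnet from the sinkhole's web log ----------------
# Apache-style line with the virtual host prefixed: %v %h %l %u %t "%r" ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ '
    r'\[(?P<day>\d{2}/[A-Za-z]{3}/\d{4}):[^\]]*\] "(?P<req>[^"]*)"'
)

def summarize(lines: Iterable[str], sinkholed: Set[str]) -> Dict[str, Dict[str, int]]:
    """Per day: total requests to sinkholed DGA domains, unique source IPs,
    IPs never seen on an earlier day, and lines for other hosts (ignored)."""
    per_day: Dict[date, dict] = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # unparseable line: skip, not an infection
        day = datetime.strptime(m["day"], "%d/%b/%Y").date()
        bucket = per_day.setdefault(day, {"requests": 0, "ips": set(), "ignored": 0})
        if m["host"].lower() not in sinkholed:
            bucket["ignored"] += 1         # scanners, typo traffic, other vhosts
            continue
        bucket["requests"] += 1
        bucket["ips"].add(m["ip"])
    seen_before: Set[str] = set()
    report: Dict[str, Dict[str, int]] = {}
    for day in sorted(per_day):            # chronological so "new_ips" is meaningful
        ips = per_day[day]["ips"]
        report[day.isoformat()] = {
            "requests": per_day[day]["requests"],
            "unique_ips": len(ips),
            "new_ips": len(ips - seen_before),
            "ignored": per_day[day]["ignored"],
        }
        seen_before |= ips
    return report

# --- 3. Constructed sample data (not real Bitdefender telemetry) ----------
DAY1 = date(2014, 7, 21)
SINKHOLED = domains_for_window(DAY1, 2)    # domains registered for two days
_d1 = toy_dga(DAY1)
_d2 = toy_dga(DAY1 + timedelta(days=1))

def _line(host: str, ip: str, day: str, path: str = "/") -> str:
    return (f'{host} {ip} - - [{day}:10:00:00 +0000] '
            f'"GET {path} HTTP/1.1" 200 12 "-" "Mozilla/4.0"')

SAMPLE_LOG = [
    _line(_d1[0], "203.0.113.5", "21/Jul/2014"),
    _line(_d1[1], "203.0.113.5", "21/Jul/2014"),    # same bot, second domain
    _line(_d1[0], "198.51.100.7", "21/Jul/2014"),
    _line("www.unrelated.example", "192.0.2.9", "21/Jul/2014"),  # not a DGA domain
    _line(_d2[0], "203.0.113.5", "22/Jul/2014"),    # still infected next day
    _line(_d2[2], "198.51.100.44", "22/Jul/2014"),  # newly seen bot
    _line(_d1[0], "198.51.100.44", "22/Jul/2014"),  # retries yesterday's domain
]

if __name__ == "__main__":
    for day, stats in summarize(SAMPLE_LOG, SINKHOLED).items():
        print(day, stats)
```

Counting unique IPs, as the articles do, undercounts bots behind NAT and overcounts hosts on dynamic addresses, so the `new_ips` column is the more honest indicator of growth between two reports; traffic to hosts outside the registered DGA set is dropped rather than counted, which keeps scanners and random visitors out of the infection figure.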