Posts: 6,396
Topics: 4,258
Kudos: 8,128
Registered: ‎06-12-2013

PushDo Trojan Variant Has New Domain Generation Algorithm

July 16th, 2014, 15:43 GMT · By Ionut Ilascu

 

PushDo botnet distribution across the globe

 
A fresh version of the PushDo malware component has been detected by security researchers to have changed the encryption keys for the communication across the botnet or with the command and control server.

Malware writers have created several variants of the PushDo Trojan, and researchers at Bitdefender have found a new one that relies on the same communication protocol, but switched to different private and public encryption keys.
 

 

Sr. Community Leader


Pushdo Trojan outbreak: 11 THOUSAND systems infected in just 24 hours

By John Leyden,

 

A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours.

Indian PCs have been most affected by the outbreak, but systems in the UK, France and the US have also been hit, according to security software firm Bitdefender.

 

The Romanian firm reckons 77 machines have been infected in the UK via the botnet in the past 24 hours, with more than 11,000 infections reported worldwide in the same period. Other countries that have been heavily affected by the Pushdo variant include Vietnam and Turkey.

 

Full Article

Sr. Community Leader


Pushdo Botnet Grows to Over 76,000 Machines

July 21st, 2014, 15:01 GMT · By Ionut Ilascu

 


Most Pushdo infections have been recorded in Asia

 
The size of the Pushdo network of infected computers is much larger than initially expected, as a security firm has seen more than 76,000 machines connecting to domains under their control.

Last week, Romanian security company Bitdefender presented details about a new variant of the Pushdo malware, reporting that the fresh strain came with a changed domain generation algorithm and featured different public and private keys for the encrypted communication with the command and control (C2) server.

According to a new report from Bitdefender, received via email, the number of computers compromised by the malware has been on the rise on a constant basis, with more than 784,000 requests coming from 76,433 unique IP addresses being recorded on Monday, July 21.
 

 

Sr. Community Leader

Posts: 3,838
Topics: 2,259
Kudos: 3,079
Blog Posts: 0
Registered: ‎06-02-2014

Re: Pushdo Botnet Grows to Over 76,000 Machines

This botnet is a serious malware that needs to be addressed more seriously. Based on this article, the crooks added an encrypted overlay to the binary file; that alone is enough to bypass security measures and infect one's PC.

Community Leader


Pushdo Botnet Continues to Stay Strong


July 30th, 2014, 19:33 GMT · By Ionut Ilascu

 

Pushdo botnet continues to stay strong as a security company's systems record almost 200,000 unique IP addresses attempting to communicate with the domains of the command and control servers.


Bitdefender purchased domains that have been generated by the DGA (domain generation algorithm) component in Pushdo for sinkholing purposes.

The security firm has seen a constant rise in the number of IP addresses of infected computers trying to connect to the command and control servers of the operators in order to receive instructions.

In the latest report on the matter, the company says that the “research team saw the Pushdo bots calling home from a surprising 183.909 unique IP addresses, spread all over the world.”

 

Full Article

Sr. Community Leader