Pushdo Malware: The New Threat

        According to a well-known online security magazine, one of the oldest active malware families, Pushdo, is again making its way onto the Internet and has recently infected more than 11,000 computers in just 24 hours.

        Pushdo, a multipurpose Trojan, is primarily known for delivering financial malware such as ZeuS and SpyEye onto infected computers, and for running spam campaigns through its commonly associated component, Cutwail, which is frequently installed on compromised PCs. Pushdo was first seen over seven years ago and was a very prolific threat in 2007.

Now a new variant of the malware has been updated to use a domain-generation algorithm (DGA) as a fallback mechanism for its normal command-and-control (C&C) communication.
A DGA dynamically generates a list of domain names from an algorithm (typically seeded with the current date), and the operators register only one of them at a time. Because the bot is not tied to a fixed set of names, blocking only the C&C domain names that have already been seen becomes nearly useless: the bot simply moves on to names that have not been observed yet.

With the help of a DGA, cyber criminals gain several advantages: they overcome domain blacklisting, they resist domain takedowns by simply registering another domain generated by the same DGA, and they avoid having their C&C domain names extracted from the sample by dynamic analysis, since no fixed list of names exists in the binary.
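As an added example (not code from the original article, from Bitdefender, or from the Pushdo authors), the following Python sketches a hypothetical date-seeded DGA together with the two defender-side responses that follow from the paragraphs above: pre-computing the candidate list for the coming days once the algorithm and seed have been recovered from a sample, and spotting the burst of NXDOMAIN answers a bot produces while it probes names nobody has registered. The seed, alphabet, TLD list, candidate count, the stub resolver and the DNS log format are all assumptions made for the example; Pushdo's real algorithm is not described on this page.

```python
"""Hypothetical date-seeded DGA and its defender-side counterparts.

This is NOT Pushdo's real algorithm. The seed, alphabet, TLD list and
log format are constructed for illustration only.
"""
import hashlib
from collections import Counter
from datetime import date, timedelta

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
TLDS = ("com", "net", "org")
SEED = b"constructed-seed"   # assumption: a per-family constant recovered from a sample


def dga_domain(day: date, index: int, seed: bytes = SEED) -> str:
    """Candidate number `index` for `day`.

    Bot and operator both run this, so they agree on the list without any
    network exchange: the only shared state is the seed and the calendar.
    """
    material = seed + day.strftime("%Y%m%d").encode() + index.to_bytes(2, "big")
    digest = hashlib.sha256(material).digest()
    length = 8 + digest[0] % 8                       # label of 8..15 letters
    label = "".join(ALPHABET[b % 26] for b in digest[1:1 + length])
    return f"{label}.{TLDS[digest[31] % len(TLDS)]}"


def daily_candidates(day: date, count: int = 20, seed: bytes = SEED) -> list:
    """The full candidate list a bot would try on `day`."""
    return [dga_domain(day, i, seed) for i in range(count)]


def bot_fallback(day: date, resolve, count: int = 20, seed: bytes = SEED):
    """Bot side: walk today's list; the first name that resolves is the live C&C.

    `resolve` is any callable name -> address or None (a stub in the test),
    so the example runs offline.
    """
    for name in daily_candidates(day, count, seed):
        addr = resolve(name)
        if addr:
            return name, addr
    return None


def precomputed_blocklist(start: date, days: int, count: int = 20,
                          seed: bytes = SEED) -> set:
    """Defender side with the algorithm in hand.

    Once the generator and seed are pulled out of a sample, every candidate
    for the coming days can be produced ahead of time and pushed to a
    blocklist or pre-registered as a sinkhole before the operators use it.
    """
    names = set()
    for offset in range(days):
        names.update(daily_candidates(start + timedelta(days=offset), count, seed))
    return names


def nxdomain_burst_clients(log_lines, threshold: int = 5) -> set:
    """Defender side without the algorithm.

    A bot probing an unregistered DGA list yields a run of NXDOMAIN answers
    from a single client. Log format (constructed for this example):
    '<timestamp> client=<ip> qname=<name> rcode=<code>'.
    """
    nx = Counter()
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("rcode") == "NXDOMAIN":
            nx[fields.get("client", "?")] += 1
    return {client for client, n in nx.items() if n >= threshold}


if __name__ == "__main__":
    today = date(2013, 6, 21)          # any date works; it is only a seed input
    print(daily_candidates(today, 5))
    print(len(precomputed_blocklist(today, 7)), "names to block for the next week")
```

The point of the two defender functions is the asymmetry the article describes: with the algorithm recovered, the whole future list is known and can be blocked or sinkholed in advance, which is how takedowns of DGA botnets are actually coordinated; without it, the only signal left is behavioural (the NXDOMAIN burst), so the threshold must be tuned against legitimate hosts that also produce failed lookups.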
According to researchers at Bitdefender, about 6,000 compromised systems in the 1.5-million-strong botnet now host the new Pushdo variant. The countries most affected so far are India, Vietnam and Turkey, but systems in the United Kingdom, France and the United States have also been hit, the security software firm says.

MOST AFFECTED COUNTRIES (infected systems, per Bitdefender)
Vietnam - 1319
India - 1297
Indonesia - 610
United States - 559
Turkey - 507
Iran - 402
Thailand - 345
Argentina - 315
Italy - 302
Mexico - 274

The Romanian firm reckons 77 systems have been compromised in the UK in the past 24 hours alone, with more than 11,000 infections reported worldwide over the same period.

Despite four takedowns of Pushdo command-and-control (C&C) servers in past years, the botnet endures, evolving and flourishing by continuously adding evasion techniques to mask its C&C communications.
Apart from the DGA, the attackers have also changed the public and private encryption keys used to protect communication between the bots and the C&C servers, while the protocol used for that communication remains the same. For defenders this means that network detections keyed on the shape of the protocol may still fire, but any decryption tooling built around the old keys will no longer work.
They have also added an "encrypted overlay" to the latest Pushdo binaries, which acts as a "checkup": the sample refuses to run properly unless certain conditions specified in the overlay are met, according to the blog post. As a general caveat, a sample dumped without its overlay, or executed in an environment that fails those conditions, will therefore look inert to an analyst.
This new approach makes life harder for the FBI and other law enforcement agencies, who are making every effort to take down botnets around the world.

Note: The data and details shown are based entirely on online research and trusted online magazines.
