PushDo botnet launches web attacks

A large botnet has begun targeting hundreds of sites with denial of service (DoS) attacks.

Researchers believe that a malware network known as PushDo has recently stepped up activity and has been attempting numerous attacks on US government sites as well as security blogs and social networking sites.

According to security watchdog group Shadow server, the attacks began last week and attempted to use SSL traffic to cripple targeted sites. Among the sites said to be in the botnet's crosshairs were Twitter, Mozilla.org, security research group Sans, and the homepage of the US Central Intelligence Agency (CIA).

First spotted in 2007, PushDo also goes by the names "Cutwail" and "Pandex". At its highest point, the botnet was believed to account for a sizable portion of all malicious spam traffic.

The latest attacks, however, appear to be far less successful. Sans researcher Johannes Ullrich said in a blog posting that little downtime was being reported, likely due to the large number of targets spreading PushDo's resources thin.

"At this point, it is not clear what the intention is of this botnet. If its intention is a denial of service attack, then it failed," he wrote.

"It does not appear that any of the sites listed experienced significant PushDo-related outages."

Additionally, Ullrich suggested that the failed attacks were allowing Sans to better analyse the botnet and gain a clearer picture of how it attacks various sites.