Pushdo spits fake domains at white hats

Domain generating algo used.

Criminals behind the Pushdo botnet used a domain generation algorithm in a bid to fool white hat researchers affiliated with the site PracticalMalwareAnalysis.com.

The domain generation algorithm produced fake domains that appeared to be part of the bot's infrastructure. In doing so, it would try to send researchers on a goose chase in pursuit of the fake domains.

Meanwhile, Pushdo would pilfer data from victims by downloading the Zeus and SpyEye trojans.

The malware only began producing the fake domains if during a search of a victim's machine it found the FakeNet tool created by the authors of PracticalMalwareAnalysis.

Once the dummy network tool was found, it began spamming the research site.

If the tool was not detected, Pushdo would attempt to conceal itself within the victim's stream of traffic, Blue Coat Systems researchers Chris Larsen and Jeff Doty said in a blog.

Doty said the attacks likely occurred on 26 August, when a spike of infections was detected, and have continued.

“After it compromises your machine, it starts to send out spam to all sorts of people,” Doty wrote of Pushdo. “That spam contains an attachment that is a Zeus payload.”

Copyright © SC Magazine, US edition