Computers in more than 50 countries are infected with a new version of Pushdo, a spamming botnet that has been around since 2007 and survived several attempts to shut it down. At one time, Pushdo-infected computers sent as many as 7.7 billion spam messages per day. Security analysts have tried to kill it four times by commandeering its infrastructure, but a new version of the malware has emerged once again, with high concentrations of infections in countries such as India, Indonesia, Turkey and Vietnam.

The latest version has been pushing “Fareit”, which is malware that steals login credentials, and Cutwail, a spam engine module. It has also been used to distribute online banking menaces such as Dyre and Zeus. Part of what has made Pushdo so resilient is its frequently changing command-and-control system, which is used to issue instructions to an infected PC, such as uploading spam templates.

In the past, Pushdo has been distributed through spam and drive-by download attacks, which are Web-based attacks that look for software vulnerabilities on a person’s computer. It has also occasionally been installed by other botnets as part of pay-per-install cybercriminal affiliate schemes. The security industry has tried to shut down Pushdo four times during the last seven years, but those efforts only resulted in temporary disruptions.
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street