
Pushdo Botnet Is Evolving, Evading Detection

New research finds that a Pushdo Trojan variant has continued evolving and thriving and can now counteract attempts to disrupt the botnet it has created. Security experts first spotted the Trojan, which hackers use to distribute spam and other malware, in 2007. Cutwail, the network’s spam-generating engine, is reportedly responsible for much of the world’s spam traffic. Security experts have tried to take down the Pushdo/Cutwail botnet four times during the last five years, according to PC World, but the disruption was only temporary. Security experts from vendors Damballa and Dell SecureWorks, as well as the Georgia Institute of Technology, say the latest variant of Pushdo uses domain-generation algorithms, which periodically generate multiple domain names that botnet controllers can use to contact zombie computers. The many new contact points make shutting down botnets difficult for security experts. They also cause problems for user security products designed to block malicious traffic. The Trojan also has zombies regularly query legitimate websites to camouflage their traffic to command-and-control servers. Damballa published its Pushdo findings online at <https://www.damballa.com/downloads/r_pubs/Damballa_mv20_case_study.pdf>. (PC World) (Infosecurity Magazine) (Damballa)
