Botnet Spams Malware Analysis Site

Monday, September 16, 2013 @ 03:09 PM gHale


In an ironic twist, Pushdo botnet users are sending spam to a website meant to educate users on malware, researchers said.

The site, PracticalMalwareAnalysis.com, was a target of the Pushdo-related spam, said Blue Coat Systems researchers Chris Larsen and Jeff Doty, who co-authored a blog post on the subject.


Since the malware appeared in 2007, Pushdo has repeatedly delivered data-stealing Trojans, like Zeus and SpyEye, via its spamming module Cutwail. In this instance, the Pushdo botnet causes infected computers to send spam emails containing the Zeus Trojan, researchers said.

PracticalMalwareAnalysis.com is a marketing site for a book of the same name written by Michael Sikorski and Andrew Honig. The book attempts to provide readers with a “hands-on guide to dissecting malicious software.”

In addition to spreading Zeus, Pushdo operators coded the malware so that infected computers running FakeNet, a malware monitoring tool that the authors of “Practical Malware Analysis” created and released with the book, send spam emails to the companion site. FakeNet allows analysts to create a “fake” network capable of tracking malware.

“After it compromises your machine, it starts to send out spam to all sorts of people,” Doty wrote of Pushdo. “That spam contains an attachment that is a Zeus payload.”


