Botnet Stays Strong Globally

Monday, August 4, 2014 @ 05:08 PM gHale


The Pushdo botnet continues to stay strong, as unique IP addresses keep trying to communicate with the domains of its command and control servers, researchers said.

For sinkholing purposes, security firm Bitdefender purchased domains generated by the DGA (domain generation algorithm) component in Pushdo.

The security firm has seen an increase in the number of IP addresses associated with infected computers trying to connect to the command and control servers of the operators in order to receive instructions.

In its latest report, Bitdefender said the “research team saw the Pushdo bots calling home from a surprising 183,909 unique IP addresses, spread all over the world.”

Most of the infections are in Asia, with India (21,768) suffering the most. The next two countries with the largest number of compromised computers are Vietnam (20,043) and Iran (9,787); the United States is fourth, with requests coming from 9,001 IP addresses.

Other affected countries are Turkey (8,865), Indonesia (8,240), Thailand (8,062), Argentina (6,212), Peru (5,828) and Mexico (5,447).

Bitdefender researcher Doina Cosovan said the monitored Pushdo botnet is widespread and has an efficient command and control system.

“Overall, we think this is a rather wide-spread botnet, with an efficient command and control system, as evidenced by the very fast switchover to using the new DGA,” Cosovan said.

Pushdo’s distribution method is through Upatre, a Trojan that can download additional malware on a compromised computer.


