Botnet Targets Web Sites With Junk SSL Connections
angry tapir writes "More than 300 Web sites are being pestered by infected computers that are part of the Pushdo botnet. The FBI, Twitter, and PayPal are among the sites being hit, although it doesn't appear the attacks are designed to knock the sites offline. Pushdo appears to have been recently updated to cause computers infected with it to make SSL connections to various Web sites — the bots start to create an SSL connection, disconnect, and then repeat." SecureWorks's Joe Stewart theorizes that this behavior is designed to obscure Pushdo's command and control in a flurry of bogus SSL traffic.
The FBI has already apprehended the culprits (Score:1, Funny)
The FBI has apprehended the individuals responsible for the Pushdo botnet, but because the said individuals are minors, we have decided to file no charges if the said individuals apologized to everyone who had been negatively affected by the Pushdo botnet. Unfortunately, due to a typo, the said individuals issued a botnet command that is causing the botnet computers to keep trying to POST the following apology to the SSL port:
POST / HTTP/1.0
Referer: http://ir902.detention.fbi.gov/
User-Agent: PushDo/1.0.1
Accept: */*
Content-type: application/x-www-form-urlencoded
Content-length: 1337
apology=We+apologize+for+any+inconvenience+our+childish+Pushdo+botnet+experiment+may+have+caused you.+Sincerely,+Billy+Pushman+and+Jimmy+Doe.
Re:From TFA (Score:4, Funny)
most Slashdotters have fairly lax moral standards. Especially when it comes to computers.
Yes, essentially we are all evil . . . now where's that kitten? Er, sorry, I meant robotic, remote-controllable kitten with embedded linux firmware!?
Re:And they say obfuscation isn't a good defense (Score:4, Funny)
Obfuscation isn't good security. But, as any politician will tell you, it's excellent defense.
Re:SSL traffic (Score:4, Funny)
I would bet on them not being CMMI certified and not writing their viruses in Java...