Botnet Security

Pushdo Trojan Infects 11,000 Systems In 24 Hours

Posted by Unknown Lamer
from the bots-everywhere dept.
An anonymous reader writes Bitdefender has discovered that a new variant of the Trojan component, Pushdo, has emerged. 77 machines have been infected in the UK via the botnet in the past 24 hours, with more than 11,000 infections reported worldwide in the same period. The countries most affected so far by the Pushdo variant are India, Vietnam and Turkey. Since Pushdo has resurfaced, the public and private keys used to protect the communication between the bots and the Command and Control Servers have been changed, but the communication protocol remains the same.

  • by Anonymous Coward on Thursday July 17, 2014 @11:01AM (#47474931)

    What operating system does this software run on?

    • by just_another_sean (919159) on Thursday July 17, 2014 @11:04AM (#47474953) Homepage Journal

      This is what I was wondering... AFAICT the first link is /.'ed and the second link doesn't go into any technical details. I'm assuming Windows until I hear otherwise but the geographic mix is interesting; are these Windows XP boxes? Is the fact that the infections are concentrated in India and Asia an indication of the many people there that have not upgraded?

      I'd never heard of Pushdo before this, anyone else know more about it?

    • by mspohr (589790)

      We always assume Windows (to the point where most articles don't even mention it) and that is true again in this case.
      It is useful to know which versions of Windows:
      Systems affected:

      The Pushdo trojan malware affects the following systems:

      Windows 2003
      Windows XP
      Windows 2000
      Windows NT
      Windows 98
      Windows 95

      • Re: (Score:3, Insightful)

        by operagost (62405)
        So basically, all EOL systems that have no business being connected to a network except for 2003, which also shouldn't be connected unless it has SP2 and all security patches.
  • I just don't understand how this is worth a headline on Slashdot. The targeted population centers alone are so vast and connected that 11k is a pittance. The common flu probably has a greater influence there.

  • by Joe Gillian (3683399) on Thursday July 17, 2014 @11:08AM (#47474989)

    The way the article describes Pushdo, it sounds a lot like ZeuS - they use practically the same methods of operation (DGA to generate random domain names, fast-flux to stop anyone shutting down the C&C servers) and it seems that like ZeuS, Pushdo started from an initial codebase and was changed multiple times after being shut down.

    • It's not a Zeus variant. It's the world's largest spambot ever (72bn messages per day). The figures show the old bots getting upgraded to the new variant.
  • by Curunir_wolf (588405) on Thursday July 17, 2014 @01:25PM (#47476353) Homepage Journal
    Just shut down No-IP servers. That should fix it.
  • North Korea is least affected, due to their "Don't let anyone have computers, well they don't have electricity anyway" security policy.
  • Is this distributed by E-Mail, a bug in Windows? IE, Firefox etc.?

  • Just use Linux.
