IFSEC Insider | Security and Fire News and Resources

PushDo Emerges Again & Again

In a bad horror movie, the monster is often killed, only to emerge again with renewed dreadfulness. PushDo, a granddaddy of the malware world, is worse than the Frankenstein monster, Dracula, and the Wolfman rolled into one.

The security industry has tried to put a stake in the heart of this threat more than once. In fact, it has taken down PushDo at least four times in the past five years. Jeremy Demar, senior threat analyst at Damballa, told us that, though it is not a targeted threat, the malware is being used to spread the reach of the Cutwail botnet, one of the largest active spam bots. Damballa estimates that more than half a million infections have occurred to date. In addition to sending out much of the pharmaceutical spam, Cutwail has been tied to spam that tricks users into downloading the Zeus banking Trojan.

Working together, security research teams at Damballa, Georgia Tech, and Dell SecureWorks have measured the impact of a new variant. In a dual-pronged strategy, PushDo now contacts hard-coded command-and-control domains and, if that fails, falls back to domain generation algorithms (DGAs) as a back door to those servers. DGAs make it easier for the malware to escape detection and even to reinfect systems that were infected with previous versions.

“The PushDo malware is primarily a downloader,” Brett Stone-Gross, a senior security researcher at Dell SecureWorks, told us. “What makes this variant interesting is that the cybercriminals have added measures to hide the packets and to make the exploit more resilient to cut down efforts.” By sending garbage traffic, for example, the malware attempts to make it harder for researchers to determine which server is being exploited.

The malware is designed to be difficult (if not impossible) to spot. There is little that most organizations can do to avoid infection, other than strictly adhering to basic best practices. Users must be trained not to click on unfamiliar links in emails or on websites. Antivirus software and plug-ins should be kept up to date and patched quickly. “Network detection is key,” Demar said. “The cybercriminals are constantly able to evolve and defeat what is on the host. When a user clicks on a link, they are agreeing to bypass their own security.”
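The fallback from hard-coded C2 domains to a DGA, described above, leaves exactly the kind of network-level trace Demar is pointing at: a host that cannot reach its hard-coded server starts resolving a burst of random-looking names that do not exist. The following is an added example, not code from the article or from the research teams it cites, that scores constructed DNS-response log lines (hypothetical format "host domain rcode") for that pattern; the entropy and vowel-ratio thresholds are assumed heuristics, not PushDo's actual algorithm.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS-response log (hypothetical format: "<host> <domain> <rcode>").
# 10.0.0.5 fails to reach a placeholder hard-coded C2 name, then falls back to
# generated names; 10.0.0.7 is a normal host with one mistyped lookup.
SAMPLE_DNS_LOG = """\
10.0.0.5 updates.example-vendor.com NOERROR
10.0.0.5 pushdo-c2.example NXDOMAIN
10.0.0.5 qzkxwvtrpmne.com NXDOMAIN
10.0.0.5 hjfgdsaqwplk.net NXDOMAIN
10.0.0.5 xcvbnmlkjhgf.info NXDOMAIN
10.0.0.5 pqowieurytal.com NXDOMAIN
10.0.0.7 mail.example-vendor.com NOERROR
10.0.0.7 cdn.example-vendor.com NOERROR
10.0.0.7 typo-example.com NXDOMAIN
"""

def registrable_label(domain):
    """Label directly left of the TLD, e.g. 'example-vendor' for 'a.example-vendor.com'."""
    return domain.rsplit(".", 1)[0].split(".")[-1]

def label_entropy(label):
    """Shannon entropy in bits per character of the label (0.0 for an empty label)."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_generated(domain, min_len=10, min_entropy=3.0, max_vowel_ratio=0.3):
    """Assumed heuristic: long, high-entropy, vowel-poor labels read as machine-generated."""
    label = registrable_label(domain)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return label_entropy(label) >= min_entropy and vowel_ratio < max_vowel_ratio

def flag_dga_fallback(log_text, threshold=3):
    """Map each host to its NXDOMAIN lookups of DGA-like names, keeping hosts at/above threshold."""
    suspects = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        host, domain, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(domain):
            suspects[host].append(domain)
    return {host: names for host, names in suspects.items() if len(names) >= threshold}

if __name__ == "__main__":
    for host, names in flag_dga_fallback(SAMPLE_DNS_LOG).items():
        print(f"{host}: {len(names)} NXDOMAIN lookups of DGA-like names: {names}")
```

The threshold on failed lookups per host is what separates a single mistyped domain from a fallback burst; tune it, the label length and the entropy cut-off against your own resolver logs before alerting on them.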

When will the horror of this threat end? It won’t happen anytime soon, according to Demar. “As long as there is money in it, they will find a way to do it. You have to stop the criminals, and anything else is just slowing them down.” In stalking the PushDo malware, perhaps the industry has set its sights on the wrong monster. It might be time to get to the real fiends: the people behind the threat.
