Slashdot Mirror


Inside a Modern Malware Distribution System

Scrabblous sends in this analysis of the Pushdo Trojan downloader's backend code and control server. Pushdo is a complex Trojan downloader that meticulously tracks its victims; much of its innovation is not in the Trojan itself but in its control infrastructure. Quoting: "The Pushdo controller also uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes. This enables the Pushdo author to limit distribution of any one of the [421 different] malware loads from infecting users located in a particular country, or provides the ability to target a specific country or countries with a specific payload. Pushdo keeps track of the IP address of the victim, whether or not that person is an administrator on the computer, their primary hard drive serial number..., whether the filesystem is NTFS, how many times the victim system has executed a Pushdo variant, and the Windows OS version."
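The selection logic the summary describes (a GeoIP lookup on the victim's IP, per-payload country whitelists and blacklists, an admin flag, and a per-host run count keyed on a stable identifier such as the disk serial) is easy to model. The following is an added example written for this page, not Pushdo's code or anything from the linked analysis; the GeoIP table, country codes, payload names and the rule that a blacklist overrides a whitelist are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed GeoIP table using RFC 5737 documentation ranges; the country
# codes are made up for this example and are not real geolocation data.
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("192.0.2.0/24"), "RU"),
]
UNKNOWN_COUNTRY = "ZZ"  # returned when no range matches (e.g. RFC 1918 space)


def lookup_country(ip: str) -> str:
    """First-match lookup; the constructed table has no overlapping ranges."""
    addr = ipaddress.ip_address(ip)
    for net, code in GEOIP_TABLE:
        if addr in net:
            return code
    return UNKNOWN_COUNTRY


@dataclass
class Victim:
    """Fields mirror what the summary says the controller records."""
    ip: str
    is_admin: bool
    hdd_serial: str      # stable identity for the host across IP changes
    ntfs: bool
    os_version: str
    run_count: int = 0   # how many times this host has checked in


@dataclass
class Payload:
    name: str
    whitelist: frozenset = frozenset()  # non-empty: deliver only to these countries
    blacklist: frozenset = frozenset()  # never deliver to these countries
    require_admin: bool = False
    max_runs: Optional[int] = None      # stop delivering after this many check-ins


def country_allowed(p: Payload, country: str) -> bool:
    """Blacklist wins over whitelist (assumed rule). An unknown country passes a
    blacklist, since there is nothing to match, but fails any whitelist."""
    if country in p.blacklist:
        return False
    if p.whitelist and country not in p.whitelist:
        return False
    return True


def record_checkin(db: Dict[str, Victim], v: Victim) -> Victim:
    """Upsert the victim keyed by disk serial and bump its run count."""
    seen = db.get(v.hdd_serial)
    if seen is None:
        v.run_count = 1
        db[v.hdd_serial] = v
        return v
    seen.run_count += 1
    seen.ip = v.ip            # the IP may change between check-ins
    seen.is_admin = v.is_admin
    return seen


def select_payloads(v: Victim, payloads: List[Payload]) -> List[str]:
    """Return the names of the payloads this victim should be served."""
    country = lookup_country(v.ip)
    chosen = []
    for p in payloads:
        if not country_allowed(p, country):
            continue
        if p.require_admin and not v.is_admin:
            continue
        if p.max_runs is not None and v.run_count > p.max_runs:
            continue
        chosen.append(p.name)
    return chosen


# Constructed payload catalogue for the example.
PAYLOADS = [
    Payload("loader-a", blacklist=frozenset({"RU"})),
    Payload("loader-b", whitelist=frozenset({"US", "DE"}), require_admin=True),
    Payload("loader-c", max_runs=1),   # first check-in only
]

if __name__ == "__main__":
    db: Dict[str, Victim] = {}
    v = record_checkin(db, Victim("203.0.113.7", True, "WD-WCC4N1", True, "5.1"))
    print(select_payloads(v, PAYLOADS))   # ['loader-a', 'loader-b', 'loader-c']
    v = record_checkin(db, Victim("203.0.113.8", True, "WD-WCC4N1", True, "5.1"))
    print(select_payloads(v, PAYLOADS))   # ['loader-a', 'loader-b']
```

Keying the victim record on the disk serial rather than the IP is what lets a controller like this count repeat executions and serve a "first run only" payload once per machine even as the host roams between addresses; that is also why the fingerprint fields in the summary are worth logging on the defensive side, since a sandbox that reports the same serial on every run will look like one heavily re-infected host.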


  1. Re:the fix by Anonymous Coward · · Score: 0, Troll

    Someone please mod this shit into oblivion...

  2. sounds pretty cool by Anonymous Coward · · Score: -1, Troll

    Wouldn't mind playing with it, but probably won't because of the illegality of it.

    1. Re:sounds pretty cool by Anonymous Coward · · Score: -1, Troll
    2. Re:sounds pretty cool by Anonymous Coward · · Score: -1, Troll

      I use this program with the power of C++.

  3. Scary... by gmuslera · · Score: 0, Troll

    That's the first thing that comes to my mind when I see how sophisticated and commercial the bad guys have become. There have been a lot of stories on this kind of subject in the last months/years, and the internet is becoming more and more like a minefield.

    I know that this one is pretty dependent on Windows (not only because it is the easy target, but because of its users, its numbers and the "security" of the system/browser there), but I bet that some of that development can be translated to Unix/Mac systems (as it is mainly the user who installs it; think of, e.g., when the SquirrelMail repository was corrupted: if someone had sent spam to get people to download it before it got caught, that would in fact have installed a trojan with that functionality).

  4. Re:Question about platform security by infonography · · Score: 1, Troll

    Point 1: FUD. Microsoft's argument is a complete load of horseshit. The reason it's most affected is that low-level identification of processes is obscured, even if it's just simple rot13 encoding in the registry to mask info about installed programs. In the *NIX world it's almost impossible to hide a running process.

    Point 2: Windows user base = BOZOS, also untrue. A lot can be done in the Windoze world; it's just done with broken legs as the price of entry.

    Malware will go away when Windows goes open source, and not just the source that the script kiddies are using. Pretty much every other OS manufacturer has open-sourced their code. Apple is tied to their hardware much like SGI was; they just do a better job than SGI did.

    --
    Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23

  5. interesting by eneville · · Score: -1, Troll

    I thought the malware distribution system was Vista off the shelf. It contains just about everything for distributing malware, but if you really want to distribute it as quickly as possible then it's best to attach the box to a chair and Ballmer will throw it in the general direction of the target system. This is a known and proven approach to getting malware onto a target.

  6. Switch to MacOS by Anonymous Coward · · Score: -1, Troll

    Guess this shows that people need to swap to a bug free and proven 100% secure OS like MacOS, or be victim to this stuff.

    1. Re:Switch to MacOS by Anonymous Coward · · Score: -1, Troll

      Guess this shows that people need to swap to a bug free and proven 100% secure OS like MacOS, or be victim to this stuff.

      Yeah, but there's a catch. Using Mac OS X will turn you gay. Is it really worth it?

      Let me tell you a story about my best friend. He was always with many chicks, usually banging 2-3 girls at a time. He always had chicks crazy about him. Then one day he needed a laptop and bought a Mac. Afterwards I didn't see him with many girls anymore, it was as if he lost interest. I had to go out of town for a few weeks, but when I got back, he was somewhat back to normal. Though, instead of banging 2-3 girls, he was banging 2-3 guys. The Mac made him totally gay. His mannerisms changed, he developed the "accent", he started dressing differently, etc. I was shocked that it was actually him, it was like he was a completely different person. Apple products did that to him.

      Stay away from Apple if you value your heterosexuality.

      --
      Mac OS X: The OS named after pussies used by men who love cock.