Botnet Targets Web Sites With Junk SSL Connections
angry tapir writes "More than 300 Web sites are being pestered by infected computers that are part of the Pushdo botnet. The FBI, Twitter, and PayPal are among the sites being hit, although it doesn't appear the attacks are designed to knock the sites offline. Pushdo appears to have been recently updated to cause computers infected with it to make SSL connections to various Web sites — the bots start to create an SSL connection, disconnect, and then repeat." SecureWorks's Joe Stewart theorizes that this behavior is designed to obscure Pushdo's command and control in a flurry of bogus SSL traffic.
Not really.
I've had to parse logs for similar things. Thousands of requests hit a particular exploitable web page, but only one or two IPs are sending further information. It's easy to trim down the list of candidates and find who the real problem is.
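One way to do the trimming the commenter describes, as an added example that is not part of the original post or of any commenter's own tooling. It assumes a constructed, simplified log format (timestamp, source IP, method, path, status, request-body bytes); the page path, IPs and log lines are constructed for illustration, and a real server log would need a matching regex. Sources that only ever issue bare GETs against the flooded page are dropped as noise; anything that sends a body, uses another method, or touches a different path is kept as a candidate, with the reason recorded.

```python
"""Triage a flood of near-identical requests down to the few sources that
actually send data.

Added example, not code from the Slashdot summary or any commenter. The log
format is a constructed, simplified one: timestamp, source IP, method, path,
status, request-body bytes.
"""
from collections import defaultdict
import re

# Constructed sample: a burst of bare GETs against one page from many hosts,
# plus two hosts that go further (one POSTs a body, one fetches a second URL).
SAMPLE_LOG = """\
2010-02-01T12:00:01Z 203.0.113.5 GET /exploitable.php 200 0
2010-02-01T12:00:01Z 203.0.113.6 GET /exploitable.php 200 0
2010-02-01T12:00:02Z 203.0.113.7 GET /exploitable.php 200 0
2010-02-01T12:00:02Z 198.51.100.9 GET /exploitable.php 200 0
2010-02-01T12:00:03Z 198.51.100.9 POST /exploitable.php 200 734
2010-02-01T12:00:03Z 203.0.113.8 GET /exploitable.php 200 0
2010-02-01T12:00:04Z 192.0.2.44 GET /exploitable.php 200 0
2010-02-01T12:00:05Z 192.0.2.44 GET /cmd.php?id=1 200 0
2010-02-01T12:00:05Z 203.0.113.5 GET /exploitable.php 200 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<body_bytes>\d+)$"
)


def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if m is None:
            continue  # does not fit the constructed format
        rec = m.groupdict()
        rec["body_bytes"] = int(rec["body_bytes"])
        yield rec


def triage(lines, noise_path):
    """Return (noise_ips, candidates).

    noise_ips: sorted list of IPs that only ever issued bare GETs against
               noise_path with no request body.
    candidates: {ip: sorted reasons} for IPs that sent a body, used a
                non-GET method, or requested any other path.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "reasons": set()})
    for rec in parse(lines):
        entry = per_ip[rec["ip"]]
        entry["requests"] += 1
        if rec["body_bytes"] > 0:
            entry["reasons"].add("sent body")
        if rec["method"] != "GET":
            entry["reasons"].add("method " + rec["method"])
        if rec["path"] != noise_path:
            entry["reasons"].add("path " + rec["path"])
    noise = sorted(ip for ip, e in per_ip.items() if not e["reasons"])
    candidates = {
        ip: sorted(e["reasons"]) for ip, e in per_ip.items() if e["reasons"]
    }
    return noise, candidates


if __name__ == "__main__":
    noise, candidates = triage(SAMPLE_LOG.splitlines(), "/exploitable.php")
    print(f"{len(noise)} noise sources dropped")
    for ip, reasons in sorted(candidates.items()):
        print(ip, ", ".join(reasons))
```

The same grouping works on the SSL-connect flood the summary describes if the log carries bytes transferred per connection: a handshake that is torn down with nothing sent is noise, a connection that carries application data is a candidate.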
That's what the feds do in any investigation. They have a broad list of suspects. They eliminate folks until they have their persons of interest, and then down to the guy who they'll be convicting.
Serious? Seriousness is well above my pay grade.
Is that because the antivirus program makes the computer crawl to a halt so the bot program has no CPU resources left to run?