Security Best Practice: Protect Yourself from Pushdo Denial of Service Attacks
Check Point Reference: SBP-2010-10
Date Published:
Severity:
Source: TrendMicro: A study of the Pushdo / Cutwail botnet
Protection Provided by: Security Gateway
Who is Vulnerable?
Microsoft Windows machines

Vulnerability Description
Pushdo is a botnet, active since January 2007 and used primarily to send spam email, that contains an advanced downloader component able to update itself continually with new components. Infected machines are completely compromised, leading to exposure of confidential information and further compromise of the surrounding network. Pushdo recently made news again when a change in its code instructed infected nodes to open junk SSL connections to hundreds of SSL-enabled websites. According to a study published by TrendMicro, Pushdo is the second largest spam botnet on the planet and is believed to be responsible for approximately 7.7 billion spam emails per day, or 1 out of every 25 spam emails sent world-wide. Check Point provides protection that detects and blocks Pushdo denial-of-service attacks.
Vulnerability Details
Several factors account for Pushdo's ability to go undetected:
- Pushdo generates a huge amount of spam and is also a primary vehicle for distributing third-party malware. This has helped the botnet keep a lower profile than its better-known competitors.
- Pushdo's components are almost all memory resident; very few are ever written to disk.
- Pushdo has no self-replication mechanism, unlike the well-known Conficker botnet, which spreads through vulnerability exploitation and mass mailing.
- The botnet's operators frequently change Pushdo's functionality and code.
Protection Overview
This protection will detect and block Pushdo attacks.
To configure the defense, select your product from the list below and follow the related protection steps.