Pushdo (Cutwail or Pandex) Botnet

Pushdo, also known as the Cutwail or Pandex botnet, is an advanced downloader: it first infects a targeted system and then downloads the Cutwail spam module, which is operated by the same group.

Once the Cutwail module has sent a batch of spam emails from the infected computer, it reports exact statistics back to the spammer: how many emails were delivered, and which errors occurred and how often. The malware also functions as a Distributed Denial of Service (DDoS) botnet that can be used to launch attacks against Secure Sockets Layer (SSL) encrypted websites over port 443.

Since 2007, Pushdo has distributed over 19 billion spam emails to internet users worldwide. It emerged around the same time as the Storm botnet; Storm has since gone quiet, but Pushdo remains active. Pushdo itself is only a downloader: once it runs on a victim's machine, it fetches a second component, Cutwail, which is the spamming engine that operates from the victim's computer. Pushdo spam covers a range of themes, including online casinos, pharmaceuticals and phishing schemes.

Affected Platforms:

Microsoft Windows – all versions

Resolution:

  • A robust program of education and awareness training is delivered to users so that they do not open attachments or follow links in unsolicited emails.
  • All operating systems, antivirus and other security products are kept up to date.
  • Day-to-day activities such as email and web browsing are performed using non-administrative accounts.
  • Strong password policies are in place and password reuse is discouraged.
  • Network, proxy and firewall logs are monitored for suspicious activity, in particular direct outbound SMTP from ordinary workstations (the spam engine at work) and bursts of port 443 connections to a single site (the SSL DDoS capability described above).
  • Passwords for any user accounts accessed from an infected machine are reset from a clean computer.
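The log-monitoring item above is the one mitigation a defender can mechanise directly. As an added example that is not part of the original page, the Python script below scans constructed firewall log lines for the two outbound patterns the page attributes to Pushdo/Cutwail: a workstation making direct SMTP (TCP/25) connections to many distinct hosts, and a host opening a burst of TCP/443 connections to one destination. The log format, IP addresses, the mail-relay allow-list and the thresholds are assumptions made for this illustration, not any product's real format or tuned values.

```python
# Added example, not code from the page or from the Pushdo/Cutwail authors.
# Flags hosts whose outbound connection pattern matches the two behaviours
# the page describes: many direct SMTP connections from a workstation (spam
# engine) and a burst of TCP/443 connections to a single target (SSL flood).
# Log format, addresses, relay list and thresholds are constructed assumptions.
import re
from collections import Counter, defaultdict

# Assumed log line shape: "<time> src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)")

SMTP_DEST_THRESHOLD = 5      # assumed: distinct MX hosts a workstation would never contact
HTTPS_BURST_THRESHOLD = 20   # assumed: connections to one site that exceed normal browsing
MAIL_RELAYS = {"10.0.0.25"}  # assumed: hosts legitimately allowed to speak SMTP outbound


def parse(log_text):
    """Parse log lines into (src, dst, dport, action) tuples; skip unparseable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, dst, dport, action = m.groups()
            events.append((src, dst, int(dport), action))
    return events


def find_spam_bots(events, threshold=SMTP_DEST_THRESHOLD):
    """Hosts (other than known relays) that opened SMTP to >= threshold distinct hosts.
    Denied connections count too: a blocked attempt still reveals the infected host."""
    smtp_dests = defaultdict(set)
    for src, dst, dport, _action in events:
        if dport == 25 and src not in MAIL_RELAYS:
            smtp_dests[src].add(dst)
    return {src: len(d) for src, d in smtp_dests.items() if len(d) >= threshold}


def find_https_floods(events, threshold=HTTPS_BURST_THRESHOLD):
    """(src, dst) pairs with >= threshold TCP/443 connections in the log window."""
    pairs = Counter((src, dst) for src, dst, dport, _a in events if dport == 443)
    return {pair: n for pair, n in pairs.items() if n >= threshold}


def analyse(log_text):
    events = parse(log_text)
    return {"spam_bots": find_spam_bots(events), "https_floods": find_https_floods(events)}


def build_sample_log():
    """Constructed sample: a clean workstation, a legitimate relay, a spam bot, a flooder."""
    lines = []
    for i in range(3):   # clean workstation browsing a few sites
        lines.append(f"10:00:0{i} src=10.0.0.11 dst=198.51.100.{i} dport=443 action=allow")
    for i in range(8):   # legitimate mail relay: SMTP is expected, must not be flagged
        lines.append(f"10:01:0{i} src=10.0.0.25 dst=203.0.113.{i} dport=25 action=allow")
    for i in range(12):  # spam bot: direct SMTP to many distinct MX hosts, some blocked
        action = "deny" if i % 3 == 0 else "allow"
        lines.append(f"10:02:{i:02d} src=10.0.0.42 dst=192.0.2.{i} dport=25 action={action}")
    for i in range(30):  # flooder: burst of TCP/443 connections to one target
        lines.append(f"10:03:{i:02d} src=10.0.0.77 dst=203.0.113.200 dport=443 action=allow")
    return "\n".join(lines)


if __name__ == "__main__":
    report = analyse(build_sample_log())
    for host, n in report["spam_bots"].items():
        print(f"{host}: direct SMTP to {n} distinct hosts (possible Cutwail spam engine)")
    for (src, dst), n in report["https_floods"].items():
        print(f"{src}: {n} TCP/443 connections to {dst} (possible SSL flood)")
```

Counting distinct SMTP destinations rather than raw connection attempts is deliberate: a spam engine fans out to many mail exchangers, whereas a legitimate client talks only to its own relay, so the distinct-destination count separates the two even when the firewall blocks most of the attempts. On a real network the relay list and both thresholds have to be tuned from a baseline of normal traffic.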
