Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pushdo spamming botnet still active in the wild

Pushdo botnet continues to infect a large number of users worldwide, mainly in India, Indonesia, Turkey and Vietnam. Security experts at the Fidelis Cybersecurity firm have discovered a new variant of the Pushdo spamming botnet, which infected machines in more than 50 countries worldwide. The botnet is able to send out around 7.7 billion spam […]

Pushdo spamming botnet still active in the wild

Pushdo botnet continues to infect a large number of users worldwide, mainly in India, Indonesia, Turkey and Vietnam.

Security experts at the Fidelis Cybersecurity firm have discovered a new variant of the Pushdo spamming botnet, which infected machines in more than 50 countries worldwide. The botnet is able to send out around 7.7 billion spam messages per day.

“Pushdo was very successful in what it did, so coming up with various revisions or versions of it makes a lot of sense for the bad guys,” said Mike Buratowski, vice president of Fidelis Cybersecurity.

Pushdo is among the most long-lived botnet and it has been around since 2007 despite law enforcement have conducted at least four operations to shut it down.

The principal vectors of infection for the Pushdo botnet are spam messages and drive-by download attacks, in some cases the experts noticed that it has been dropped by other malware.

The point of strength of the Pushdo botnet is the frequently changing command-and-control servers that make it resilient to law-enforcement take over. The Pushdo bot tries to contact a sequence of different C&C servers, if a first server doesn’t respond the malware passes to the second one, and so on.

“Pushdo has evolved it’s Command-and-Control techniques beyond what has previously been published in the research community. The DGA component of this infrastructure uses an elaborate algorithm and has moved entirely to domains registered in Kazhakstan (.kz).” reads the advisory published by Fidelis Cybersecurity.

The greatest number of infections is located in India, Indonesia, Turkey and Vietnam, the latest version of the Pushdo botnet is used by cyber criminals to spread several strain of malware, including the Fareit data stealer, Cutwail spam malware and online banking menaces such as Dyre and Zeus.

pushdo botnet infections

The experts used sinkholing to track the machines composing the botnet, researchers at Fidelis discovered the complex DGA algorithm implemented by the Pushdo botnet to generate the C&C domains. The algorithm is used to generate 30 different domains names a day used to control the botnet, the experts was able to predict these name, to register them and study the botnet by sinkholing it.

The majority of domains used by the Pushdo botnet belong to Kazakhstan (.kz).

In order to mitigate the infection, Fidelis provided a set of Yara rules that could be used by network administrators to block bot agents from contacting C&C servers.

Pierluigi Paganini

(Security Affairs –  Pushdo botnet, malware)