Inside a Modern Malware Distribution System

SecureWorks anti-malware guru Joe Stewart is not one to be intimidated by advances in online crime activity.

But, when he reversed the backend code associated with the Pushdo Trojan downloader, he discovered a modern malware distribution system fitted with complex tracking mechanisms and hiding techniques—another clear sign that virus fighters are up against a clever and sophisticated enemy.

Stewart, a veteran reverse-engineer who spends the majority of his time breaking apart malware samples, said the control server that powers Pushdo is preloaded with about 421 different malware executables—waiting to be delivered to infected Windows machines.

The malware itself uses electronic greeting card lures—spammed to e-mail inboxes—to trick Windows users into launching the executable.

Once the Trojan is executed, Pushdo immediately reports back to an IP address embedded in the code and connects to a server that pretends to be an Apache Web server and listens on TCP port 80.

“We’ve seen examples of sophisticated Trojan downloaders but this is the first time I’ve gotten into the backend controller to see the level of tracking it’s doing,” Stewart said in an interview with eWEEK. “This one does a lot of high-level reconnaissance, making sure it hits the right targets,” he said.

For starters, the Pushdo controller uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes, allowing the malware distributor to keep one of the malware loads from infecting users located in a particular country. The same mechanism also makes it possible to target a specific country or countries with a specific payload, Stewart said.

Every victim is tracked meticulously. Stewart found that Pushdo logs the IP address of the infected machine and whether or not the Trojan was run from an administrator account on that machine.

Read the full article at eWEEK.


Ryan Naraine
