IDG News Service - Researchers are hoping to get a better insight on botnets after taking down part of Pushdo, one of the top five networks of hacked computers responsible for most of the world's spam.
Thorsten Holz, an assistant professor of computer science at Ruhr-University in Bochum, Germany, said his group is working on an academic paper focused on methods to figure out what type of malicious spamming software is on a computer that sent a particular spam e-mail.
They looked at several of the major spamming botnets, including Mega-D, Lethic, Rustock as well as Pushdo and Cutwail, two kinds of malware that appear to sometimes work together as part of the same botnet.
Holz said they found that Pushdo had a special characteristic in that more than half of its command-and-control servers were concentrated within one hosting company. Botnets use command-and-control servers to issue instructions to the infected PC, such as uploading spam templates and the target e-mail addresses to send spam.
About 15 of Pushdo's 30 servers were with that one hosting provider, which has now taken those servers offline and shared the data contained within them with Holz and his team. Their analysis is still ongoing, but they uncovered some 78 GB of plain text e-mail addresses, and that up to 40% of the infected computers were in India, a finding Holz said was surprising.
Other data within those servers should shed greater light on how Pushdo works. "We will analyze all the log data we have because I think we can provide a good overview of a modern spam operation," Holz said.
Of the eight hosting providers that had Pushdo's command-and-control servers, six took action to shut Pushdo down. But two hosting providers based in China did not respond to e-mail requests to turn off Pushdo or even acknowledged that they had received a complaint, Holz said. Although the spam volume from Pushdo has dropped, it is likely that its operators will be able to ratchet it up again.
But Holz and his team now know which computers are infected with Pushdo. They're in the process of contacting the ISPs connect those computers to the Internet. The ISPs can then notify those customers that their computers are infected and take steps to help them clean up their machines, Holz said.
Although it is likely Pushdo's operators will be able to use the remaining servers that are still online to reconstitute the botnet, "if we can notify the victims of the compromised machines and get them cleaned, it still has a long-term impact," Holz said.
Identifying which machines are infected and then remediating those computers is seen as crucial to fighting botnets. In Germany, the government has launched an initiative that involves eight major ISPs collaborating to send e-mails to their customers notifying them that their machines may be infected with botnet code, Holz said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- BlackBeard Case Study In this case study, learn how a business with 95% of revenues generated online was hit by DDoS attacks over a 6-month period,...
- Four Ways DNS Can Accelerate Business Growth This e-book describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced traffic...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Network Security White Papers | Webcasts