We recently came across a compromised website pushing out a payload that belongs to the Pushdo botnet, a botnet reportedly controlled by a well-funded Eastern European Cybercrime group. This botnet has often been closely associated with the Cutwail spam botnet. In the past, the Cutwail group would spam out payloads for the Pushdo botnet, which […]
Lately, we have seen a good number of samples generating some interesting network traffic through our automated framework. The HTTP network pattern generated contains a few interesting parameters, names like “&av” (for antivirus?) and “&vm=”(VMware?), The response received looked to be encrypted, which drew my attention. Also, all the network traffic contained the same host […]
[News from my colleagues in Russia, Aleksandr Matrosov and Eugene Rodionov.]Recently, we had a stroke of luck: our TDL tracker picked up a brand new plugin for TDL4 kad.dll (Win32/Olmarik.AVA) which we haven’t seen previously. It took some time to find out what it is intended to do. After some preliminary analysis we discovered that […]
Latest Comments