Pushdo Sinkholing Continues, Size of Problem now Apparent
The sinkholing of Pushdo C&C domains continues, and it has become apparent that the botnet is of quite sizeable proportions and well spread globally. Some interesting prevalence patterns can nevertheless be discerned in the new map provided by Bitdefender researchers, which summarizes the connection attempts in the past 24 hours.
As can be seen, Asia is the most affected continent, in a sharp departure from the spreading patterns of other botnets, which simply stay proportional to Internet connectivity in the affected countries.
The most affected countries, by number of unique IPs attempting to connect over the past day, are, in order:
| Country | Unique IPs |
|---|---|
| Iran, Islamic Republic of | 402 |
The research project is still ongoing and further data will be made available in the following days.