In an ironic twist, Pushdo botnet users are sending spam to a website meant to educate users on malware, researchers said.
The site, PracticalMalwareAnalysis.com, was a target of the Pushdo-related spam, said Blue Coat Systems researchers Chris Larsen and Jeff Doty, who co-authored a blog post on the subject.
Since the malware appeared in 2007, Pushdo has repeatedly delivered data-stealing Trojans, like Zeus and SpyEye, via its spamming module, Cutwail. In this instance, the Pushdo botnet causes infected computers to spam out emails containing the Zeus Trojan, researchers said.
PracticalMalwareAnalysis.com is a marketing site for a book of the same name written by Michael Sikorski and Andrew Honig. The book attempts to provide readers with a “hands-on guide to dissecting malicious software.”
In addition to spreading Zeus, Pushdo operators coded the malware so that infected computers running FakeNet, a malware monitoring tool that the authors of “Practical Malware Analysis” created and released with the book, spam the companion site with emails. FakeNet allows analysts to create a “fake” network capable of tracking malware.
“After it compromises your machine, it starts to send out spam to all sorts of people,” Doty wrote of Pushdo. “That spam contains an attachment that is a Zeus payload.”