Security company recorded requests from almost 200,000 IP addresses

Jul 30, 2014 19:33 GMT

The Pushdo botnet remains strong: a security company's systems recorded almost 200,000 unique IP addresses attempting to communicate with the domains of its command and control servers.

Bitdefender purchased domains generated by the DGA (domain generation algorithm) component in Pushdo in order to sinkhole them.

The security firm has seen a constant rise in the number of IP addresses associated with infected computers trying to connect to the command and control servers of the operators in order to receive instructions.

In the latest report on the matter, the company says that the “research team saw the Pushdo bots calling home from a surprising 183.909 unique IP addresses, spread all over the world.”

Most of the infections are still located in Asia, with India (21,768) the most affected. The next two countries with the largest number of compromised computers are Vietnam (20,043) and Iran (9,787), while the United States ranks fourth, with requests coming from 9,001 IP addresses.

Other affected countries are Turkey (8,865), Indonesia (8,240), Thailand (8,062), Argentina (6,212), Peru (5,828) and Mexico (5,447).

Bitdefender researcher Doina Cosovan said that the monitored Pushdo botnet is widespread and has an efficient command and control system, as shown by the switch to a new DGA, which the company announced in the middle of July.

Bogdan Botezatu, senior e-threat analyst at Bitdefender, told us that Pushdo is delivered through Upatre, a Trojan that can download additional malware onto a compromised computer.