Pushdo botnet launches web attacks

Several US sites have been attacked by the Pushdo botnet

A large botnet has begun targeting hundreds of sites with denial-of-service (DoS) attacks.

Researchers believe that a malware network known as Pushdo has recently stepped up its activity, and has been attempting numerous attacks on US government sites as well as security blogs and social networking sites.

Security watchdog group the Shadowserver Foundation said that the attacks began last week and attempted to use SSL traffic to cripple targeted sites. Twitter, Mozilla.org, security research group Sans and the homepage of the CIA are all thought to have been targets.

First spotted in 2007, Pushdo also goes by the names Cutwail and Pandex. At its height, the botnet was believed to account for a sizeable portion of all malicious spam traffic.

However, the latest attacks seem to have been far less successful. Sans researcher Johannes Ullrich said in a blog post that little downtime had been reported, probably due to the large number of targets diluting Pushdo's resources.

"At this point, it is not clear what the intention is of this botnet. If its intention is a DoS attack, then it failed," he wrote. "It does not appear that any of the sites listed experienced significant Pushdo-related outages."

Ullrich also said that the failed attacks have allowed Sans to better analyse the botnet and gain a clearer picture of how it works.