Check Point Reference: SBP-2010-10
Date Published: 18 Feb 2010
Last Updated: 18 Feb 2010
Protection Provided by:
Who is Vulnerable?
Vulnerability Description:
Pushdo is an advanced downloader which first infects the system and then downloads a spam module (titled Cutwail) and third-party malware. Several reasons account for Pushdo's ability to go undetected:
- Pushdo is responsible for a huge amount of spam activity and is also the primary vehicle for spreading third-party malware. This has helped the botnet keep a lower profile than its more famous competitors.
- Pushdo components are almost all memory resident, with very few being written to disk.
- Pushdo contains no means of self-replication, unlike the well-known Conficker botnet, which spreads via vulnerability exploitation and mass mailing.
- The botnet owners tend to frequently change Pushdo's functionality and code.
This protection will detect and block Pushdo attacks.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Server Enforcement Violation.
Attack Information: Pushdo denial of service attack