Check Point Advisories

Pushdo Denial of Service Attack

Check Point Reference: SBP-2010-10
Date Published: 18 Feb 2010
Severity: Critical
Last Updated: 18 Feb 2010
Protection Provided by:

Security Gateway
R80, R77, R75, R71, R70

Who is Vulnerable?
Vulnerability Description Pushdo is an advanced downloader which will first infect the system and then download a spam module (titled Cutwail) and a third party malware. Several reasons account for Pushdo's ability to go undetected: - Pushdo is responsible for a huge amount of spam activity and is also primary vehicle for spreading third-party malware. This has helped the botnet keep a lower profile than its more famous competitors. - Pushdo components are almost all memory resident, with very few being written to disk. - Pushdo contains no means of self replication such as the well-known Conficker botnet which spreads via vulnerability exploitation and mass mailing. - The botnet owners tend to frequently change Phshdo's functionality and code.

Protection Overview

This protection will detect and block Pushdo attacks.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Pushdo Denial of Service Attack protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Pushdo denial of service attack

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO