
SANS ISC: Got PushDo SSL packets? - SANS Internet Storm Center SANS ISC InfoSec Forums

Got PushDo SSL packets?

Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the PushDo botnet. There has been a large rise in the detection of SSL packets hitting a number of domains, included.

If you are the admin of one of these 315 sites and you can grab some of these packets in a pcap and you're willing to share, can you upload them via our contact form so that we can compare with what we are seeing?

Have a good weekend.

Steve Hall
ISC Handler of the day


Jan 30th 2010
Has anyone bothered to correlate any similarities in the targets? For example are they running the same server or proxy or the same version of OpenSSL, etc.?
-Manichattan II

Maybe this is really a DDOS, since SSL handshake is more CPU intensive than a simple HTTP request. Question is: why waste so many bots for attacking so many different targets?

