Botnet Sends Fake SSL Pings to CIA, PayPal, Others
Elinor Mills writes on C|Net News:
In attempt to hide the location of its command-and-control server, the Pushdo botnet has been instructing its infected zombie computers to send fake SSL (Secure Sockets Layer) connections to major Web sites, a botnet expert said on Monday.More here.
The strange traffic targeting the Web sites--including sites for the CIA, FBI, PayPal, Yahoo, and Twitter, according to a list at the Shadow Server Foundation--was not enough to cause any outages or slowdowns, said Joe Stewart, director of malware research at SecureWorks.
Site owners "would just see weird connections that don't seem to make sense," he said. "They look like they're trying to start an SSL handshake, but it comes in malformed and doesn't ever send anything after that first handshake attempt."