Got PushDo SSL packets?
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the PushDo botnet. There has been a large rise in the detection of SSL packets hitting a number of domains, www.sans.org included.
If you are the admin of one of these 315 sites and you can grab some of these packets in a pcap and your willing to share, can you upload them via our contact form so that we can compare with what we are seeing.
Have a good weekend.
Steve Hall
ISC Handler of the day
Keywords: PushDo
2 comment(s)
×
Diary Archives
Comments
Has anyone bothered to correlate any similarities in the targets? For example are they running the same server or proxy or the same version of OpenSSL, etc.?
-Manichattan II
Manichattan II
Feb 1st 2010
1 decade ago
Sticky©
Feb 2nd 2010
1 decade ago