Submission: Inside a Modern Malware Distribution System
Scrabblous writes: "This eweek.com article provides a peek at the backend code and control server associated with Pushdo, a complex Trojan downloader that meticulously tracks its victims. From the article: For starters, the Pushdo controller uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes to allow the malware distributor to limit one of the malware loads from infecting users located in a particular country. It also goes a step further, logging the victim's primary hard drive serial number, tracking whether the file system is NTFS, the number of times the victim system has launched a Pushdo variant, and the Windows OS version that executed the malware."