11:36 pm (UTC-7) | by Robert McArdle (Senior Threat Researcher)
Over the course of our blog series on Pushdo we have covered some of the key aspects of the threat: how it spams, its stealth components, its sniffer and some background on its underground links to Russia. But out of all of these articles, the part that got the most feedback was when we declared traditional AV incapable of dealing with this threat. So what can we do? Or is it time to invest in lots of tinned food to best prepare for the coming apocalypse?
Perhaps we should clarify our point: traditional antivirus cannot deal with Pushdo on its own, but it can when deployed in conjunction with other lines of defense. To defeat Pushdo we need to fight it on the Web, over email AND on the endpoint itself. This is exactly what the Trend Micro Smart Protection Network (SPN) is set up to do, blocking malicious web threats and emails before they even reach the end user. SPN is described as an in-the-cloud technology, but what does this mean? After all, the software is installed on one of your machines sitting in your office. What’s so in-the-cloud about that?
The fact is that the really cool stuff behind the Smart Protection Network actually takes place in the cloud. The end user may simply see (or not, as the case may be) a spam email being blocked, but in the background this can kick off a whole series of processes: automatically blocking the malicious URLs in that mail, spidering the malicious site to download all of the malware it hosts, automatically analysing those samples and generating detections for them (and for all the spam and malicious URLs associated with them, of course), and so on. This whole process constantly improves users’ protection without any need for action on their part.
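To make the chain of events above concrete, here is a toy version of that feedback loop written for this post. It is an added illustration, not Trend Micro code and not how SPN is implemented: one blocked spam message yields URLs, those URLs feed a web-filter blocklist, and hashes of the files those URLs serve feed an endpoint scanner. The spam message and the "hosted files" are constructed inline so the whole thing runs offline; the crawl is a dictionary lookup standing in for a real download.

```python
"""Added example (not Trend Micro code): a toy mail -> web -> endpoint feedback loop.

All inputs are constructed inline; the "spider" never touches the network.
"""
import email
import hashlib
import re
from email import policy
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: a spam message of the kind the mail layer would block.
# Note the mixed-case host and the explicit port; both must be normalised.
SPAM_SAMPLE = b"""\
From: promo@example-pharmacy.invalid
To: victim@example.com
Subject: Your order is ready
Content-Type: text/plain; charset=us-ascii

Download your invoice here: http://Downloads.Example-Pharmacy.invalid/inv.exe
Or see http://mirror.example.net:8080/files/inv.exe?id=42
"""

# Constructed stand-in for the crawl: what each URL would serve if fetched.
# Both mirrors serve the same (fake) dropper, so hashing deduplicates them.
HOSTED_FILES = {
    "http://downloads.example-pharmacy.invalid/inv.exe": b"MZ\x90\x00fake-dropper",
    "http://mirror.example.net:8080/files/inv.exe?id=42": b"MZ\x90\x00fake-dropper",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(raw_message):
    """Mail layer: pull URLs out of every text part of a blocked message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        urls.extend(URL_RE.findall(part.get_content()))
    return urls


def canonical_url(url):
    """Lower-case scheme and host, keep port/path/query, drop the fragment."""
    p = urlsplit(url)
    netloc = p.hostname or ""          # urlsplit already lower-cases hostname
    if p.port:
        netloc += ":%d" % p.port
    return urlunsplit((p.scheme.lower(), netloc, p.path, p.query, ""))


class WebFilter:
    """Web layer: host blocklist fed by URLs seen in blocked mail."""

    def __init__(self):
        self.blocked_hosts = set()

    def block_from_urls(self, urls):
        for u in urls:
            host = urlsplit(u).hostname
            if host:
                self.blocked_hosts.add(host)

    def allows(self, url):
        host = urlsplit(url).hostname
        # Malformed URLs (no host) are denied rather than waved through.
        return host is not None and host not in self.blocked_hosts


def spider(urls, fetch=HOSTED_FILES.get):
    """Fetch what each URL serves; return {sha256: payload}, deduplicated."""
    samples = {}
    for u in urls:
        blob = fetch(u)
        if blob is None:
            continue
        samples[hashlib.sha256(blob).hexdigest()] = blob
    return samples


class EndpointScanner:
    """Endpoint layer: hash detections learned from spidered samples."""

    def __init__(self):
        self.known_bad = set()

    def learn(self, samples):
        self.known_bad.update(samples)

    def is_malicious(self, blob):
        return hashlib.sha256(blob).hexdigest() in self.known_bad


def process_blocked_spam(raw_message, web_filter, scanner, fetch=HOSTED_FILES.get):
    """The chain one blocked message sets off: block URLs, crawl, learn hashes."""
    urls = [canonical_url(u) for u in extract_urls(raw_message)]
    web_filter.block_from_urls(urls)
    samples = spider(urls, fetch)
    scanner.learn(samples)
    return urls, samples


if __name__ == "__main__":
    wf, sc = WebFilter(), EndpointScanner()
    urls, samples = process_blocked_spam(SPAM_SAMPLE, wf, sc)
    print("blocked hosts:", sorted(wf.blocked_hosts))
    print("unique samples:", len(samples))
    print("web filter allows mixed-case variant:",
          wf.allows("http://DOWNLOADS.example-pharmacy.invalid/other.exe"))
```

The point of the example is the coupling between layers: the endpoint scanner gains a detection for the dropper even though no endpoint has run it yet, and the web filter blocks the whole host, so a second campaign using a different path on the same server is stopped before the mail layer ever sees it. Host normalisation matters; without it, `Downloads.Example-Pharmacy.invalid` and `downloads.example-pharmacy.invalid` would be two separate blocklist entries.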
So the next time someone tells you that they are safe from malware because they have antivirus installed, tell them to think again; it really does matter what additional layers of protection they have in place.
For those of you who have found these articles interesting, congratulations on getting this far! If you want to look at Pushdo in even more detail (and find out about the technical aspects we did not have time to discuss), check out our white paper:
Previous Pushdo/Cutwail posts from this series can be read at the following links:
Pushdo/Cutwail – The Art of Spamming (Part 1 of 5)
Pushdo/Cutwail – From Russia with Love (Part 2 of 5)
Pushdo/Cutwail – Can’t Touch This (Part 3 of 5)
Pushdo/Cutwail – Sniffing for the Win (Part 4 of 5)