Botnet Making Fake SSL Connections

A recent report from CNet relates how a botnet is making fake SSL connections to a variety of popular hosts in order to hide the central control center of the botnet.

The list of affected hosts (from the botnet fighters at is enormous; it includes hosts from organizations such as Ubuntu Linux, Twitter, the US CIA, National Science Foundation (NSF), Dropbox, NASA, the US Army, the US Navy, the Pirate Bay, Wisconsin Unemployment Insurance, IEEE, US National Institutes of Health (NIH), Symantec, Sun, and so many more… has more about these fake SSL connections in their January calendar.

The Pushdo botnet is responsible; it has reportedly been around since 2007 and is the second largest botnet in the world. TrendMicro did an in-depth analysis of Pushdo a while back. SecureWorks also has a nice analysis of Pushdo. Microsoft’s Matt McCormack had a widely read article on Pushdo.

These SSL connections are never completed and are mostly just a nuisance for web operators. The botnet itself, however, is a serious problem: it is the second largest in the world, after all. We can only hope that those in the know manage to shut it down soon.
