The Botnet Pushdo Creates Large Amounts Of Fake SSL Connection Requests

When it comes to the world of botnets, there are several different kinds that you have to worry about.

Since a botnet is basically a group of computers that have been hijacked by one main user, it can be used to send out any kind of data that user would like.

Some of these botnets send out harmless spam messages; others may send out data that has links to malicious code in it.

Until it sends the actual data, there is no telling what a particular botnet is ever going to do.

The Pushdo Botnet

In the case of the botnet known as Pushdo, it has always been relatively quiet.

Usually it just pushes out spam to unsuspecting targets.

Now it has changed its tune a bit.

It is now sending fake SSL connections.

Security researchers do not know why yet.

There is no known attack in the wild that uses this kind of technique.

It has the look of a DDoS effort, but some of the tactics being used do not mirror such an attack.

It could also be a case of a botnet gone wrong.

There could have been some kind of test that the owners of the botnet were performing that went horribly wrong.

If this is the case, their mistake could have exposed thousands of its zombie nodes to security researchers.

They could of course get more, but this is still a huge blow to their botnet.

Again, if it was a mistake.

Could It Be A Test Run?

Most security researchers do not believe that it is a mistake.

They feel that the botnet is just making a test run for something bigger in the future.

As of right now, the botnet is sending junk SSL connection requests.

Once the server responds to the request, the nodes on the botnet switch off.

They are doing this thousands of times a minute.

There is no other known attack that follows this same technique.
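
One way a server operator could spot the pattern described above (a connection request, the server's response, then the client dropping off) in connection logs. This is an added example, not part of the original article; the log format, event names and threshold are assumptions, and the log lines are constructed.

```python
from collections import Counter

# Constructed sample log (assumed format): "<HH:MM:SS> <conn_id> <client_ip> <event>"
SAMPLE_LOG = """\
12:00:01 c1 198.51.100.7 client_hello
12:00:01 c1 198.51.100.7 server_hello
12:00:01 c1 198.51.100.7 closed
12:00:02 c2 203.0.113.20 client_hello
12:00:02 c2 203.0.113.20 server_hello
12:00:03 c2 203.0.113.20 handshake_done
12:00:04 c3 198.51.100.7 client_hello
12:00:04 c3 198.51.100.7 server_hello
12:00:04 c3 198.51.100.7 closed
12:00:05 c4 198.51.100.7 client_hello
12:00:05 c4 198.51.100.7 server_hello
12:00:05 c4 198.51.100.7 closed
12:00:09 c2 203.0.113.20 closed
12:00:10 c5 192.0.2.44 client_hello
12:00:11 c5 192.0.2.44 closed
12:01:30 c6 198.51.100.7 client_hello
12:01:30 c6 198.51.100.7 server_hello
12:01:31 c6 198.51.100.7 closed
"""

def abandoned_per_minute(log_text):
    """Count, per (client, minute), connections that were closed after the
    server replied (server_hello) but before the handshake completed."""
    seen = {}           # conn_id -> set of events seen so far
    counts = Counter()  # (client_ip, "HH:MM") -> abandoned handshakes
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue    # skip malformed lines
        ts, conn, client, event = parts
        if event != "closed":
            seen.setdefault(conn, set()).add(event)
            continue
        events = seen.pop(conn, set())
        if "server_hello" in events and "handshake_done" not in events:
            counts[(client, ts[:5])] += 1
    return counts

def flag_clients(log_text, threshold=3):
    """Clients with at least `threshold` abandoned handshakes in one minute.
    The threshold is a hypothetical value sized for the sample above."""
    hits = abandoned_per_minute(log_text).items()
    return sorted({client for (client, _), n in hits if n >= threshold})
```

Connections that close before the server ever replies (c5 in the sample) are deliberately not counted, since the behaviour described is a drop after the server's response.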

Some researchers believe that a lot of the traffic that it is sending is decoy traffic.

This means that they send a bunch of traffic, and while most of the requests are fake, some of them are real.

The real requests hide in the fake traffic, hoping not to be noticed.

The real requests are the ones being used to cause some sort of damage.

Even if this is the case, they still do not know what damage is being caused by the so-called “real” attacks.

As of right now, they are going to have to wait for the owners of the Pushdo botnet to play their hand.

The Pushdo botnet is one of the largest botnets on the Internet.

It doesn’t get the same press as the other ones, because it doesn’t cause too much damage.

We will have to see if this fact changes in the next couple of months.

As of right now, no one can figure out what they are doing.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
