The Pushdo botnet, a.k.a. “Cutwail” and “Pandex,” has been flooding those sites with bogus SSL connections that stop short of requesting anything from the Website. The infected bots begin to initiate an SSL connection with some “junk” traffic and then disconnect, according to The Shadowserver Foundation. Shadowserver and other researchers have been monitoring the activity, which increased traffic by several million hits across several hundred thousand IP addresses, according to Shadowserver.

The botnet hit the ZeusTracker Website, for example, with hundreds of thousands of different IP addresses within a 24-hour period. “This is a lot of bots generating a lot of traffic,” blogged Steven Adair, a researcher with Shadowserver. Recent code changes to Pushdo resulted in its bots generating the “junk” SSL connections to the 315 Websites, he said.

So what is Pushdo up to? Joe Stewart, director of malware research for Secureworks, says the botnet is making fake SSL connection attempts: Malformed packets cause the server to return an SSL negotiation error. “By adding the initial header of an SSL conversation, they may be attempting to avoid closer scrutiny by less vigilant inspection devices,” Stewart says. “And by sending a flurry of these connections to a number of legit ‘decoy’ sites, it helps the Pushdo C&C [command and control] traffic blend in and remain undetected in some cases,” he says.

It’s unclear thus far whether this is a test-run for phony SSL connections gone amuck that ended up exposing this Pushdo traffic, or something else. Stewart says it’s possible there could be more to the latest activity, such as the botnet’s rotating its target lists. “It’s hard to say,” he says.

Blending in has traditionally been Pushdo’s trademark: Although it’s one of the top five spamming botnets, it’s also one of the more under-the-radar botnets around. But this latest activity has researchers wondering how this massive surge of traffic, which resembles a distributed denial-of-service (DDoS) attack, would ultimately help its traffic blend in and become less detectable.

Shadowserver says the traffic is technically an attack, even though it doesn’t appear to be trying to knock the sites offline like a DDoS does. “We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either,” Adair says.

Secureworks’ Stewart says he has witnessed botnets sending traffic via SSL or port 443, but this phony SSL connection attempt is a first. “The Pushdo C&C protocol now also uses similar packets to encapsulate its encrypted/compressed phone-home requests,” he says. “Port 443 is commonly being used to proxy all kinds of non-SSL traffic by legit applications and bots alike, so it stands to reason that a heuristic one might look for suspicious or firewall-policy-violating traffic connections over port 443 that aren’t using SSL.”

The surge in traffic from Pushdo could cause problems for Websites with limited bandwidth and that typically get only a few hundred to a few thousand hits daily, Shadowserver says.

Location based services take a lot of flack for their privacy issues, but so far the biggest obstacle in their acceptance has been that they’re a huge pain to use, typically requiring extra browser plugins and annoying sign-up processes. The new version of Firefox is probably going to change that, at least for desktop browsers, because it will have location detection baked in. Up until now it seemed like Mozilla was going to be using Geode, a plugin it first annouced back in October, as its default location provider.

The switch to Google is obviously a big win for Google Latitude, and it will also likely give Google access to volumes of local data that will allow it to offer hyper-targeted advertising to businesses (or maybe not, at least for now – see below). As with Google’s search deal with Mozilla, which was recently extended through 2011, I suspect Google is paying a pretty penny for the right to be the browser’s default provider. In 2006, that search deal alone reportedly accounted for $57 million, or around 85% of Mozilla’s total revenue.

Mozilla says that there is no money changing hands in this case, and that it is totally unrelated to the search deal. Mozilla wanted to break the ‘chicken and the egg’ problem of location, and decided to go with Google because they saw eye-to-eye on privacy issues. Also Google says that the data isn’t currently being used for advertising purposes (at least for now), and that this is really about getting location-based functionality deployed to the web. But even without the advertising dollars, there is one very major upside: Google is going to be able to perfect its location database, with millions of users tapping into it on a daily basis. And that database is going to be extremely valuable going forward.

Google’s plans extend well beyond the Firefox browser, too. Internet Explorer is still the dominant browser on the web, and Google recently released an update to its Toolbar which includes the same location detection service as Firefox will. Of course, users will still have to download the plugin, which makes the barrier to entry significantly higher than it will be on Firefox.

I also came across a really cool article that basically lists 8 simple “hacks” for Firefox to more than double the browser’s speed and it claims these changes can only take around 5 minutes to apply! Here is a short list of what the article has to offer as you can go there to read about all the juicy details!

Enable pipelining
Render quickly
Faster loading
No interruptions
Block Flash
Increase the cache size
Enable TraceMonkey
Compress data

Since I don’t use Firefox as all my co-workers say I should, I haven’t really looked into the effectiveness of these little “hacks” but from what I read they seem to be some pretty good little changes you can make! So check out the full article Here!