"SecureWorks anti-malware guru Joe Stewart, a veteran reverse-engineer who spends the majority of his time breaking apart malware samples, said the control server that powers Pushdo is preloaded with about 421 different malware executables—waiting to be delivered to infected Windows machines.
The malware itself uses electronic greeting card lures—spammed to e-mail inboxes—to trick Windows users into launching the executable.
Once the Trojan is executed, Pushdo immediately reports back to an IP address embedded in the code and connects to a server that pretends to be an Apache Web server and listens on TCP port 80." Inside a Modern Malware Distribution System
You may also like to read