Botnet operators in the criminal underground are launching large denial of service attacks against each other in a bid to knock out rivals in the race to compromise computers.
Security researchers have discovered command and control servers owned by operators of Zeus botnets were blasted by those running a rival Cutwail botnet in a distributed denial of service attack reaching 300,000 connections a minute.
Cutwail is also an established botnet which is typically involved in sending spam via the Pushdo trojan, at its peak pushing out millions of emails a day.
University researchers said in a paper that Cutwail, known to spammers as '0bulk Psyche Evolution', was rented to spam affiliates who pay fees to the botmasters totalling hundreds of thousands of dollars, in order to launch spam campaigns (pdf).
RSA researchers found a hit list of new dynamically generated domain names within a Cutwail botnet which served as infrastructure targets of the operator's rivals.
A senior threat researcher that runs under the handle 'Fielder' wrote he was surprised to find evidence of the continual fighting.
"This is an incredibly interesting finding as it suggests some fierce competition within the criminal underground," Fielder said.
"This was quite literally a live action view of botmasters attacking one another."
The research team examined the attacked IP addresses and found that each was related to Zeus and Zbot (Zeus) command and control hosts.
The attacker's IP addresses were tracked since August and linked to Zeus and kryptik trojans and variants, as well as Bitcoin mining activity.
These addresses were also embroiled in a "long history" of malware campaigns including those foisting the formerly infamous BlackHole exploit kit, spam campaigns and an effort to serve malware over IRC and BitTorrent.