Spam volume plunges in wake of Pushdo/Cutwail takedown

By

Almost 20 servers taken down.

Malware analysis firm LastLine says it has crippled the Pushdo botnet, resulting in a near immediate plummet in spam.

Thorsten Holz, a senior threat analyst at the company, said researchers pinpointed 30 command-and-control (C&C) servers linked to Pushdo-compromised machines. The servers were hosted by eight different providers around the world.

"We contacted all hosting providers and worked with them on taking down the machines, which led to the takedown of almost 20 servers," Holz wrote in a blog post. "Unfortunately, not all providers were responsive and thus several command-and-control servers are still online at this point."

The C&C servers that were knocked offline prevented infected machines from being able to connect to the control hubs for instructions.

This immediately resulted in a dramatic decline in the amount of spam delivered by the botnet, also known as Cutwail, according to M86 Security. Until now, Pushdo was arguably the most prolific spamming botnet on the web, responsible for many campaigns that try to trick users into clicking on malicious email attachments or URL links. If users fell for the ruse, their machines were likely infected with a trojan downloader.

"Still, we must sound a note of caution," M86 spam expert Phil Hay wrote in a blog post. "Previous experience has taught us that these botnet takedowns are short lived. Disabling control servers does not incapacitate the people behind the botnet. It is highly likely they'll be back before long with new control servers, and bots to do their spamming."

See original article on scmagazineus.com

Spam volume plunges in wake of Pushdo/Cutwail takedown
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
inofpushdosecurityspamtakedownvolumewake

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?