Spam volume plunges in wake of Pushdo/Cutwail takedown

Malware analysis firm LastLine says it has crippled the Pushdo botnet, resulting in a near immediate plummet in spam.

Thorsten Holz, a senior threat analyst at the company, said researchers pinpointed 30 command-and-control (C&C) servers linked to Pushdo-compromised machines. The servers were hosted by eight different providers around the world.

"We contacted all hosting providers and worked with them on taking down the machines, which led to the takedown of almost 20 servers," Holz wrote in a blog post. "Unfortunately, not all providers were responsive and thus several command-and-control servers are still online at this point."

The C&C servers that were knocked offline prevented infected machines from being able to connect to the control hubs for instructions.

This immediately resulted in a dramatic decline in the amount of spam delivered by the botnet, also known as Cutwail, according to M86 Security. Until now, Pushdo was arguably the most prolific spamming botnet on the web, responsible for many campaigns that try to trick users into clicking on malicious email attachments or URL links. If users fell for the ruse, their machines were likely infected with a trojan downloader.

"Still, we must sound a note of caution," M86 spam expert Phil Hay wrote in a blog post. "Previous experience has taught us that these botnet takedowns are short lived. Disabling control servers does not incapacitate the people behind the botnet. It is highly likely they'll be back before long with new control servers, and bots to do their spamming."

See original article on scmagazineus.com