Cutwail operators aim DDoS at Zeus competitors

Share this article:
Name.com, Facebook and Verizon are among the companies backing the newly-formed group.
Researchers at RSA noted the "battle of the botmasters" taking place.

Analysts detected operators of one botnet targeting another malware control hub via distributed denial-of-service (DDoS) attacks.

According to researchers at RSA, the “battle of the botmasters” took place when Cutwail "botmasters" inundated the infrastructure of another botnet using at least 300,000 infected machines at their disposal.

The firm began tracking the control server communications in mid-August.

On Thursday, a senior researcher at RSA FirstWatch Team going by the alias, “Fielder,” blogged about the occurrences. The researcher revealed that the DDoS attacks were aimed at competing Zeus command-and-control infrastructures.

Cutwail, the world's largest spam botnet, is often used to distribute malware, including the banking trojan Zeus, via exploit kits.

“Looking at the destination IP addresses under attack showed that each one has been related to Zeus and Zbot command-and-control hosts – suggesting that the malware authors are using the Cutwail framework to actively engage in attacks against other Zbot and Zeus command-and-control infrastructures,” Fielder wrote.  

On Friday, Chris Elisan, a principal malware scientist at RSA, told SCMagazine.com in a follow up interview that DDoS attacks were an easy way for saboteurs to stall another gang's operations with minimal effort.

“It's one way of trying to actively disable a certain attack group, because it's really hard to stop a DDoS attack,” Elisan said. “If they want to disable a certain operator, it's really easy for them to do that…You just need the IP address or domain of the target.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.