Cutwail operators aim DDoS at Zeus competitors

Share this article:
Name.com, Facebook and Verizon are among the companies backing the newly-formed group.
Researchers at RSA noted the "battle of the botmasters" taking place.

Analysts detected operators of one botnet targeting another malware control hub via distributed denial-of-service (DDoS) attacks.

According to researchers at RSA, the “battle of the botmasters” took place when Cutwail "botmasters" inundated the infrastructure of another botnet using at least 300,000 infected machines at their disposal.

The firm began tracking the control server communications in mid-August.

On Thursday, a senior researcher at RSA FirstWatch Team going by the alias, “Fielder,” blogged about the occurrences. The researcher revealed that the DDoS attacks were aimed at competing Zeus command-and-control infrastructures.

Cutwail, the world's largest spam botnet, is often used to distribute malware, including the banking trojan Zeus, via exploit kits.

“Looking at the destination IP addresses under attack showed that each one has been related to Zeus and Zbot command-and-control hosts – suggesting that the malware authors are using the Cutwail framework to actively engage in attacks against other Zbot and Zeus command-and-control infrastructures,” Fielder wrote.  

On Friday, Chris Elisan, a principal malware scientist at RSA, told SCMagazine.com in a follow up interview that DDoS attacks were an easy way for saboteurs to stall another gang's operations with minimal effort.

“It's one way of trying to actively disable a certain attack group, because it's really hard to stop a DDoS attack,” Elisan said. “If they want to disable a certain operator, it's really easy for them to do that…You just need the IP address or domain of the target.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Policy violation letters trick SMB workers into downloading malware

Bitdefender researchers detected an uptick in computers infected by Zbot via dozens of ARJ-compressed files.

Researcher hacks iPhone 6 Touch ID sensor

Little progress was made security wise, between the iPhone 5S and iPhone 6 sensor, a researcher found.

Blackphone and Silent Circle announce bug bounty programs

Both programs offer a standard reward of $128 per qualifying vulnerability, although it could change depending on the severity of the bug.