Cutwail operators aim DDoS at Zeus competitors

Share this article:
Name.com, Facebook and Verizon are among the companies backing the newly-formed group.
Researchers at RSA noted the "battle of the botmasters" taking place.

Analysts detected operators of one botnet targeting another malware control hub via distributed denial-of-service (DDoS) attacks.

According to researchers at RSA, the “battle of the botmasters” took place when Cutwail "botmasters" inundated the infrastructure of another botnet using at least 300,000 infected machines at their disposal.

The firm began tracking the control server communications in mid-August.

On Thursday, a senior researcher at RSA FirstWatch Team going by the alias, “Fielder,” blogged about the occurrences. The researcher revealed that the DDoS attacks were aimed at competing Zeus command-and-control infrastructures.

Cutwail, the world's largest spam botnet, is often used to distribute malware, including the banking trojan Zeus, via exploit kits.

“Looking at the destination IP addresses under attack showed that each one has been related to Zeus and Zbot command-and-control hosts – suggesting that the malware authors are using the Cutwail framework to actively engage in attacks against other Zbot and Zeus command-and-control infrastructures,” Fielder wrote.  

On Friday, Chris Elisan, a principal malware scientist at RSA, told SCMagazine.com in a follow up interview that DDoS attacks were an easy way for saboteurs to stall another gang's operations with minimal effort.

“It's one way of trying to actively disable a certain attack group, because it's really hard to stop a DDoS attack,” Elisan said. “If they want to disable a certain operator, it's really easy for them to do that…You just need the IP address or domain of the target.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.