Cutwail operators aim DDoS at Zeus competitors

Share this article:
Name.com, Facebook and Verizon are among the companies backing the newly-formed group.
Researchers at RSA noted the "battle of the botmasters" taking place.

Analysts detected operators of one botnet targeting another malware control hub via distributed denial-of-service (DDoS) attacks.

According to researchers at RSA, the “battle of the botmasters” took place when Cutwail "botmasters" inundated the infrastructure of another botnet using at least 300,000 infected machines at their disposal.

The firm began tracking the control server communications in mid-August.

On Thursday, a senior researcher at RSA FirstWatch Team going by the alias, “Fielder,” blogged about the occurrences. The researcher revealed that the DDoS attacks were aimed at competing Zeus command-and-control infrastructures.

Cutwail, the world's largest spam botnet, is often used to distribute malware, including the banking trojan Zeus, via exploit kits.

“Looking at the destination IP addresses under attack showed that each one has been related to Zeus and Zbot command-and-control hosts – suggesting that the malware authors are using the Cutwail framework to actively engage in attacks against other Zbot and Zeus command-and-control infrastructures,” Fielder wrote.  

On Friday, Chris Elisan, a principal malware scientist at RSA, told SCMagazine.com in a follow up interview that DDoS attacks were an easy way for saboteurs to stall another gang's operations with minimal effort.

“It's one way of trying to actively disable a certain attack group, because it's really hard to stop a DDoS attack,” Elisan said. “If they want to disable a certain operator, it's really easy for them to do that…You just need the IP address or domain of the target.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.