Spam volume plunges in wake of Pushdo takedown

Share this article:

A botnet responsible for frequent malicious spam campaigns has been reduced to a whisper.

At least for now.

Thanks to efforts by LastLine, makers of malware analysis tools, the Pushdo botnet has been crippled, which has resulted in the near immediate plummet in spam.

Thorsten Holz, a senior threat analyst at the company, said researchers pinpointed 30 command-and-control (C&C) servers linked to Pushdo-compromised machines. The servers were hosted by eight different providers around the world.

"We contacted all hosting providers and worked with them on taking down the machines, which led to the takedown of almost 20 servers," Holz wrote Thursday in a blog post. "Unfortunately, not all providers were responsive and thus several command-and-control servers are still online at this point."

The C&C servers that were knocked offline prevented infected machines from being able to connect to the control hubs for instructions.

This immediately resulted in a dramatic decline in the amount of spam delivered by the botnet, also known as Cutwail, according to M86 Security. Until now, Pushdo arguably was the most prolific spamming botnet on the web, responsible for many campaigns that try to trick users into clicking on malicious email attachments or URL links. If users fell for the ruse, their machines likely were infected with a trojan downloader.

"Still, we must sound a note of caution," M86 spam expert Phil Hay wrote in a blog post Friday. "Previous experience has taught us that these botnet takedowns are short lived. Disabling control servers does not incapacitate the people behind the botnet. It is highly likely they'll be back before long with new control servers, and bots to do their spamming."

A Google Postini report released in the spring concluded that despite successful dismantling of a number of botnets, including Zeus, Waledac and Mariposa, spam levels were not dramatically affected.

Share this article:

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.