Spam volume plunges in wake of Pushdo takedown

A botnet responsible for frequent malicious spam campaigns has been reduced to a whisper.

At least for now.

Thanks to efforts by LastLine, makers of malware analysis tools, the Pushdo botnet has been crippled, resulting in a near-immediate plunge in spam.

Thorsten Holz, a senior threat analyst at the company, said researchers pinpointed 30 command-and-control (C&C) servers linked to Pushdo-compromised machines. The servers were hosted by eight different providers around the world.

"We contacted all hosting providers and worked with them on taking down the machines, which led to the takedown of almost 20 servers," Holz wrote Thursday in a blog post. "Unfortunately, not all providers were responsive and thus several command-and-control servers are still online at this point."

With those C&C servers knocked offline, infected machines could no longer connect to the control hubs for instructions.

This immediately resulted in a dramatic decline in the amount of spam delivered by the botnet, also known as Cutwail, according to M86 Security. Until now, Pushdo arguably was the most prolific spamming botnet on the web, responsible for many campaigns that try to trick users into clicking on malicious email attachments or URL links. If users fell for the ruse, their machines likely were infected with a trojan downloader.

"Still, we must sound a note of caution," M86 spam expert Phil Hay wrote in a blog post Friday. "Previous experience has taught us that these botnet takedowns are short lived. Disabling control servers does not incapacitate the people behind the botnet. It is highly likely they'll be back before long with new control servers, and bots to do their spamming."

A Google Postini report released in the spring concluded that despite the successful dismantling of a number of botnets, including Zeus, Waledac and Mariposa, spam levels were not dramatically affected.
