Spam volume plunges in wake of Pushdo takedown

A botnet responsible for frequent malicious spam campaigns has been reduced to a whisper.

At least for now.

Thanks to efforts by LastLine, makers of malware analysis tools, the Pushdo botnet has been crippled, which has resulted in the near immediate plummet in spam.

Thorsten Holz, a senior threat analyst at the company, said researchers pinpointed 30 command-and-control (C&C) servers linked to Pushdo-compromised machines. The servers were hosted by eight different providers around the world.

"We contacted all hosting providers and worked with them on taking down the machines, which led to the takedown of almost 20 servers," Holz wrote Thursday in a blog post. "Unfortunately, not all providers were responsive and thus several command-and-control servers are still online at this point."

The C&C servers that were knocked offline prevented infected machines from being able to connect to the control hubs for instructions.

This immediately resulted in a dramatic decline in the amount of spam delivered by the botnet, also known as Cutwail, according to M86 Security. Until now, Pushdo arguably was the most prolific spamming botnet on the web, responsible for many campaigns that try to trick users into clicking on malicious email attachments or URL links. If users fell for the ruse, their machines likely were infected with a trojan downloader.

"Still, we must sound a note of caution," M86 spam expert Phil Hay wrote in a blog post Friday. "Previous experience has taught us that these botnet takedowns are short lived. Disabling control servers does not incapacitate the people behind the botnet. It is highly likely they'll be back before long with new control servers, and bots to do their spamming."

A Google Postini report released in the spring concluded that despite successful dismantling of a number of botnets, including Zeus, Waledac and Mariposa, spam levels were not dramatically affected.