«
»

Pushdo/Cutwail Botnet is warming up to bounce back – I

2010/08/30, 10:42 am

Few days ago, LastLine’s Thorsten Holz and his team have successfully given a strike on Pushdo/Cutwail botnet infrastructure – Insights into the Pushdo/Cutwail Infrastructure(nice references). This action has a significant impact on the Cutwail, that’s the reason of the following figure(From M86 Security Lab blog – Pushdo Botnet Crippled)

It did give us a quiet inbox. But, the question is how long.

Following are some data from my Pushdo/Cutwail/Webwail Botnet Tracker.

Before, there were 13/23 Pushdo C&C servers, 34/69 Cutwail C&C servers and 5/5 Webwail C&C servers alive.

After, there are 5/23 Pushdo C&C servers, 2/69 Cutwail C&C servers and 4/5 Webwail C&C servers alive.

How did this botnet gang response to this?(Screenshots from my botnet tracker)

They added 2 new Pushdo C&C servers(all located in US)

They added 4 new Cutwail C&C servers(all located in US)

I’m sure they will add more Cutwail C&C servers in this week.


-Kyle Yang

Tags: , ,
Category: Botnet Researching  |  Comment (RSS)  |  Trackback

2 Comments

  1. Malware Research » Blog Archive » Pushdo/Cutwail Botnet is warming up to bounce back – II says:
    2010/08/31 at 10:35 am

    [...] About « Pushdo/Cutwail Botnet is warming up to bounce back – I [...]

  2. Malware Research » Blog Archive » Pushdo/Cutwail Botnet is warming up to bounce back – III (Sasfis, Asprox, Cutwail, FakeAV, CMultiDownloader) says:
    2010/09/02 at 12:26 am

    [...] my previous 2 blogs( I and II), Pushdo/Cutwail gang already added 10 Cutwail servers. You might be interested in what spam [...]

Leave a Reply