Archive for August 2010

Pushdo/Cutwail Botnet is warming up to bounce back – II

Just as I said in my previous blog post, the Pushdo/Cutwail gang would add more servers this week. Check the following info from my tracker.

They added another 6 Cutwail C&C servers.

-Kyle Yang

Pushdo/Cutwail Botnet is warming up to bounce back – I

A few days ago, LastLine's Thorsten Holz and his team successfully struck the Pushdo/Cutwail botnet infrastructure: Insights into the Pushdo/Cutwail Infrastructure (nice references). This action has had a significant impact on Cutwail, which is the reason for the following figure (from the M86 Security Lab blog, Pushdo Botnet Crippled).

It did give us a quiet inbox. But the question is for how long.

The following data are from my Pushdo/Cutwail/Webwail Botnet Tracker.

Before, there were 13/23 Pushdo C&C servers, 34/69 Cutwail C&C servers and 5/5 Webwail C&C servers alive.

After, there are 5/23 Pushdo C&C servers, 2/69 Cutwail C&C servers and 4/5 Webwail C&C servers alive.

How did the botnet gang respond to this? (Screenshots from my botnet tracker)

They added 2 new Pushdo C&C servers (all located in the US).

They added 4 new Cutwail C&C servers (all located in the US).

I'm sure they will add more Cutwail C&C servers this week.


-Kyle Yang