01 Sep 2010
Huge spamming botnet takes blow but still active
A botnet responsible for producing a substantial amount of spam has taken a major hit, but security experts say it could be just a matter of weeks before it is active again.
Spam levels dropped significantly when an internet security company delivered a crippling blow last week to the Pushdo/Cutwail botnet, which is responsible for as much as 10 percent of all spam.
The company began contacting ISPs that were hosting the botnet’s command-and-control infrastructure, managing to take down almost 20 of the 30 servers worldwide. However, some ISPs were unresponsive, according to IDG News.
Pushdo and Cutwail work together. Pushdo is a Trojan with the ability to generate random domain names. After it infects a computer, it downloads Cutwail, a malware capable of spamming and downloading other harmful programs.
The actions of the security company will almost certainly have a positive effect for two or three weeks, security expert Ed Rowley said. But it is only a matter of time before the spammers find other hosting providers to get their systems up and running, he added.
According to a recent report, the most prominent security threat facing internet users is the Trojan downloader Exploit.JS.Gumblar, which accounted for 5 percent of all malware during the second quarter of 2010.