01 Sep 2010

Huge spamming botnet takes blow but still active

A botnet responsible for producing a substantial amount of spam has taken a major hit, but security experts say it could be just a matter of weeks before it is active again.

Spam levels dropped significantly when an internet security company delivered a crippling blow last week to the Pushdo/Cutwail botnet, which is responsible for as much as 10 percent of all spam.

The company began contacting ISPs that were hosting the botnet’s command-and-control infrastructure, managing to take down almost 20 of the 30 servers worldwide. However, some ISPs were unresponsive, according to IDG News.

Pushdo and Cutwail work together. Pushdo is a Trojan with the ability to generate random domain names. After it infects a computer, it downloads Cutwail, malware capable of sending spam and downloading other harmful programs.

The actions of the security company will almost certainly have a positive effect for two or three weeks, security expert Ed Rowley said. But it is only a matter of time before the spammers find other hosting providers to get their systems up and running, he added.

According to a recent report, the most prominent security threat facing internet users is the Trojan downloader Exploit.JS.Gumblar, which accounted for 5 percent of all malware during the second quarter of 2010.
