[Malware Review] The new member of the Cutwail dynasty

Bogdan BOTEZATU

November 09, 2009

Once the Trojan has been executed on the system, it creates copies of itself, named reader_s.exe, in the %SYSTEMROOT%\System32 and %HOMEPATH%\%USERNAME% folders. It also adds itself to the list of programs executed at each Windows startup and deploys additional components that give a remote attacker access to the infected machine.
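The two persistence traits named above (a dropped reader_s.exe in fixed folders plus an autostart entry pointing at it) are enough for a simple host-side hunting check. The following Python is an added example written for this article, not Bitdefender's code or a Cutwail sample: it expands the drop-location templates with a constructed environment mapping, flags files of that name (distinguishing the documented drop folders from a mere name match elsewhere), and inspects a constructed set of Run-key style autostart entries. All file paths, the environment values and the autostart entries are made-up sample data; a real scanner would read os.environ, the file system and the registry instead.

```python
import ntpath
import re
from typing import Dict, Iterable, List, Tuple

# File name of the dropped copy, as stated in the article.
DROPPED_NAME = "reader_s.exe"

# Drop locations from the article, with environment variables left unexpanded.
DROP_DIR_TEMPLATES = (r"%SYSTEMROOT%\System32", r"%HOMEPATH%\%USERNAME%")

# Constructed environment for a hypothetical host (assumption: on a real host
# these values come from os.environ; HOMEPATH would normally lack the drive letter).
SAMPLE_ENV = {"SYSTEMROOT": r"C:\Windows", "HOMEPATH": r"C:\Users", "USERNAME": "alice"}

# Constructed file inventory: two copies in the documented drop folders, one
# same-named file elsewhere, and two benign executables.
SAMPLE_FILES = [
    r"C:\Windows\System32\reader_s.exe",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\alice\reader_s.exe",
    r"C:\Users\alice\Downloads\reader_s.exe",
    r"C:\Program Files\Adobe\Reader\AcroRd32.exe",
]

# Constructed autostart entries (Run-key name -> command line).
SAMPLE_RUN_KEYS = {
    "reader_s": r"C:\Windows\System32\reader_s.exe",
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r'"C:\Users\alice\reader_s.exe" -s',
}

_VAR = re.compile(r"%([^%]+)%")
_FIRST_TOKEN = re.compile(r'\s*"([^"]+)"|\s*(\S+)')


def expand_env(template: str, env: Dict[str, str]) -> str:
    """Expand %VAR% references with the supplied mapping; variable names are case-insensitive."""
    upper = {k.upper(): v for k, v in env.items()}
    return _VAR.sub(lambda m: upper.get(m.group(1).upper(), m.group(0)), template)


def drop_dirs(env: Dict[str, str]) -> set:
    """Normalised set of folders in which the article says the copy is written."""
    return {ntpath.normcase(expand_env(t, env)) for t in DROP_DIR_TEMPLATES}


def scan_files(paths: Iterable[str], env: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every file whose name matches the dropped copy.

    A match inside a documented drop folder is reported separately from a
    name match in an unexpected folder, so an analyst can prioritise.
    """
    dirs = drop_dirs(env)
    findings = []
    for path in paths:
        head, tail = ntpath.split(path)
        if tail.lower() != DROPPED_NAME:
            continue
        if ntpath.normcase(head) in dirs:
            findings.append((path, "known drop location"))
        else:
            findings.append((path, "name match outside known drop location"))
    return findings


def autostart_target(command: str) -> str:
    """Extract the executable from a Run-key command line (quoted or bare first token)."""
    m = _FIRST_TOKEN.match(command)
    if not m:
        return ""
    return m.group(1) or m.group(2)


def scan_autostart(run_entries: Dict[str, str], env: Dict[str, str]) -> List[Tuple[str, str, bool]]:
    """Return (entry name, target path, target sits in a documented drop folder)
    for each autostart entry that launches the dropped file name."""
    dirs = drop_dirs(env)
    findings = []
    for name, command in run_entries.items():
        target = autostart_target(command)
        if ntpath.basename(target).lower() == DROPPED_NAME:
            in_drop_dir = ntpath.normcase(ntpath.dirname(target)) in dirs
            findings.append((name, target, in_drop_dir))
    return findings


if __name__ == "__main__":
    for path, reason in scan_files(SAMPLE_FILES, SAMPLE_ENV):
        print(f"file     : {path}  [{reason}]")
    for name, target, in_drop_dir in scan_autostart(SAMPLE_RUN_KEYS, SAMPLE_ENV):
        print(f"autostart: {name} -> {target}  [drop folder: {in_drop_dir}]")
```

Matching on a fixed file name alone is weak (the name is trivially changed), so the check pairs it with the documented folders and with an autostart reference, which is what makes the combination characteristic of this variant.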

The backdoor component in Trojan.Cutwail.Z also allows it to be automatically upgraded by its “master” from a remote location over the Internet. The Cutwail family is extremely prolific and each new variant of the Trojan includes additional features.

The Cutwail family, also known as Pushdo, is responsible for one of the largest active botnets. The total number of “zombified” systems is impressive – they are used primarily for sending spam messages, but Cutwail is more than that. Other variants of the Trojan would even download third-party malicious files and install them on the already-infected machine.

Because Cutwail infections are extremely difficult to spot (the only visible symptom is increased Internet activity), you are advised to scan your system regularly with a freshly updated antimalware solution.

Information in this article is available courtesy of BitDefender virus researcher Marius Vanta.
