01 Sep 2010

Huge spamming botnet takes blow but still active

A botnet responsible for producing a substantial amount of spam has taken a major hit, but security experts say it could be just a matter of weeks before it is active again.

Spam levels dropped significantly when an internet security company delivered a crippling blow last week to the Pushdo/Cutwail botnet, which is responsible for as much as 10 percent of all spam.

The company began contacting ISPs that were hosting the botnet’s command-and-control infrastructure, managing to take down almost 20 of the 30 servers worldwide. However, some ISPs were unresponsive, according to IDG News.

Pushdo and Cutwail work together. Pushdo is a Trojan with the ability to generate random domain names. After it infects a computer, it downloads Cutwail, a piece of malware capable of spamming and downloading other harmful programs.

The actions of the security company will almost certainly have a positive effect for two or three weeks, security expert Ed Rowley said. But it is only a matter of time before the spammers find other hosting providers to get their systems up and running, he added.

According to a recent report, the most prominent security threat facing internet users is the Trojan downloader Exploit.JS.Gumblar, which accounted for 5 percent of all malware during the second quarter of 2010.