This morning we noticed that the usual torrent of spam from the Pushdo (or Cutwail) botnet had turned into a dribble. The chart below shows an index of Pushdo spam volume over the month of August.
So what's the reason for this sudden decline? It turns out that the folks at TLLOD have been busy analyzing Pushdo command and control servers and coordinating their takedown. According to their blog, more than 30 Pushdo control servers were identified and 20 were taken down with the help of the relevant hosting providers. A few active control servers remain, however, still serving spam data to the bots.
As the chart above shows, this coordinated takedown has had an immediate impact on Pushdo's spam output. This is welcome news indeed, especially as Pushdo has been responsible for wave after wave of malicious spam campaigns in recent months. Still, we must sound a note of caution. Previous experience has taught us that these botnet takedowns are short-lived. Disabling control servers does not incapacitate the people behind the botnet, and the bots themselves are still infected and waiting for instructions. It is highly likely the operators will be back before long with new control servers and fresh bots to do their spamming. In the meantime, we can enjoy a few days with less spam about.
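The post's chart is an index of daily Pushdo spam volume, and the takedown shows up as a sharp step down in that index. The following Python is an added example, not code from the original post or from TLLOD, showing how such an index is built from raw daily counts and how a monitoring job can flag the drop and size its impact. The daily counts are constructed figures for illustration, not the data behind the original chart; the function names and the baseline/threshold parameters are choices made for this example.

```python
from statistics import median

# Constructed sample input: daily counts of messages attributed to one
# botnet over a 31-day month. Made-up numbers for this example, not the
# figures behind the post's chart. The drop lands on day 25.
DAILY_COUNTS = [
    412, 398, 455, 430, 441, 387, 420,   # days 1-7: baseline week
    433, 460, 418, 402, 447, 425, 439,   # days 8-14
    421, 409, 452, 436, 428, 417, 444,   # days 15-21
    431, 446, 419, 85, 62, 71, 58,       # days 22-28: takedown on day 25
    66, 74, 69,                          # days 29-31
]


def volume_index(counts, baseline_days=7):
    """Express each day's count relative to the median of the first
    `baseline_days` days, so the baseline week reads roughly 100
    regardless of absolute volume. Median rather than mean so one
    unusually busy baseline day does not skew the whole index."""
    if len(counts) < baseline_days:
        raise ValueError("not enough days to establish a baseline")
    base = median(counts[:baseline_days])
    if base == 0:
        raise ValueError("baseline median is zero; index is undefined")
    return [round(100.0 * c / base, 1) for c in counts]


def detect_drop(index, window=3, ratio=0.5):
    """Return the 1-based day on which the median of the trailing
    `window` days first falls below `ratio` times the median of all
    earlier days, or None if that never happens. Using a trailing
    median means a single quiet day does not fire the alert; the
    trade-off is that detection lags the true onset by up to
    window-1 days."""
    for end in range(window, len(index) + 1):
        recent = median(index[end - window:end])
        prior = index[:end - window]
        if not prior:
            continue
        if recent < ratio * median(prior):
            return end
    return None


def takedown_impact(index, drop_day, window=3):
    """Percent reduction in the index: median of the days before the
    triggering window versus median from the detected day onward."""
    before = median(index[:drop_day - window])
    after = median(index[drop_day - 1:])
    return round(100.0 * (1 - after / before), 1)


if __name__ == "__main__":
    idx = volume_index(DAILY_COUNTS)
    day = detect_drop(idx)
    if day is None:
        print("no significant drop in volume this month")
    else:
        print(f"volume drop detected on day {day}: "
              f"index fell about {takedown_impact(idx, day)}% "
              f"relative to the preceding period")
```

On the constructed data the detector fires on day 26, one day after the drop begins, because the three-day trailing median needs two low days before it falls under half of the prior level. A practitioner running this against real feed data would also want to confirm that the decline is specific to the botnet being tracked (a drop across all spam sources points at a collection problem, not a takedown), and to keep watching the index afterwards, since the same check will show the rebound the post warns about when new control servers come online.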