View All Botnets

Pushdo Botnet Crippled

By Phil Hay  •  August 27th, 2010  •   Botnets

This morning we noticed that the usual torrent of spam from the Pushdo (or Cutwail) botnet had turned into a dribble.  The chart below shows an index of Pushdo spam volume over the month of August.

Pushdo Stats

So what’s the reason for this sudden decline? It turns out that the folks at TLLOD have been busy analyzing Pushdo command and control servers, and coordinating their take down.  According to their blog, over 30 Pushdo control servers were identified and 20 were taken down with the help of the relevant hosting providers.  However, there still remains a few active control servers still serving up spamming data.

As the chart above shows, this coordinated takedown has had an immediate impact on Pushdo’s spam output. This is welcome news indeed, especially as Pushdo has been responsible for wave after wave of malicious spam campaigns in recent months.  Still, we must sound a note of caution.  Previous experience has taught us that these botnet take downs are short lived.  Disabling control servers does not incapacitate the people behind the botnet.  It is highly likely they’ll be back before long with new control servers, and bots to do their spamming. In the meantime, we can enjoy a few days with less spam about.

Tags:    |    |    |  

3 Responses to “Pushdo Botnet Crippled”

  1. [...] firm M86 Security Labs, junk e-mail being relayed by Pushdo (a.k.a. Cutwail) tapered off from a torrent to a dribble over the past few days. M86 credits researchers at LastLine Inc., a security firm made up of [...]

  2. [...] Few days ago, LastLine’s Thorsten Holz and his team have successfully given a strike on Pushdo/Cutwail botnet infrastructure – Insights into the Pushdo/Cutwail Infrastructure(nice references). This action has a significant impact on the Cutwail, that’s the reason of the following figure(From M86 Security Lab blog – Pushdo Botnet Crippled) [...]

  3. [...] Spam volume graph from M86 Security Labs. [...]