Top 5 Spam Botnet "Crippled" but Still Kicking
One of the world's largest botnets responsible for as much as 10 percent of all spam suffered a temporary setback this week when several ISPs took action by unplugging infected servers, according to security firm M86 Security.
Known as the Pushdo or Cutwail network, this top 5 botnet specialized in sending out spam for fake AV software, designer goods, and pharmaceutical products, said Ed Rowley, product manager for M86 Security. But for the next couple of weeks, you can expect fewer of these emails in your inbox.
Researchers at the security company LastLine took it upon themselves to start contacting ISPs found to be hosting the command-and-control infrastructure of the botnet. All told, there were about 30 servers at 8 different ISPs keeping the botnet alive, 20 of which have since been taken offline.
According to Rowley, LastLine's efforts "will almost certainly have a positive effect for two to three weeks," but "the spammers will be able to find other hosting providers where they will be able to get their systems up and running."
Maybe sooner. Leaving at least 10 servers online is a major concern, as Pushdo is capable of generating random domain names, which can then be registered and activated.
Image Credit: Trend Micro
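Pushdo's ability to fall back on generated domain names is why the servers left online matter: a takedown only holds until the bots resolve a fresh domain the operators have registered. As an added example, not from the article or from M86 or LastLine, here is a simple defender-side heuristic that flags DGA-looking domains in a DNS query log; the log lines, threshold and scoring weights are constructed for illustration and need tuning against real traffic.

```python
import math
from collections import Counter

# Constructed sample DNS query log (not real traffic), one query per line:
# "<timestamp> <client-ip> <queried-domain>"
SAMPLE_DNS_LOG = """\
2010-09-01T10:12:03 10.0.0.17 www.maximumpc.com
2010-09-01T10:12:04 10.0.0.17 xk3qv9zt7p.com
2010-09-01T10:12:05 10.0.0.17 mail.google.com
2010-09-01T10:12:06 10.0.0.17 qwrtzpskvnx.net
2010-09-01T10:12:07 10.0.0.17 cdn.example.org
"""

def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def registrable_label(domain):
    """Second-level label, e.g. 'xk3qv9zt7p' from 'a.xk3qv9zt7p.com'.
    Assumes single-label TLDs; public-suffix handling is out of scope here."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

VOWELS = set("aeiou")

def dga_score(label):
    """Heuristic score: high entropy, few vowels and digits mixed into
    letters all make a label look machine-generated. Weights are assumed."""
    if not label:
        return 0.0
    ent = shannon_entropy(label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return ent + (0.4 - vowel_ratio) * 4 + digit_ratio * 2

def flag_dga_like(log_text, threshold=3.5):
    """Return queried domains whose registrable label scores >= threshold."""
    flagged = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        domain = fields[2]
        if dga_score(registrable_label(domain)) >= threshold:
            flagged.append(domain)
    return flagged
```

Flagged domains are a starting point for triage (which hosts queried them, whether they resolved, and to where), not proof of infection on their own.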
Comments
johnnyathm1
September 02, 2010 at 1:40am
I wrote a few folks at MaximumPC about the spam issue and received a reply stating there is a "mark as spam" button and we should start to mark suspect comments accordingly...I have looked and have yet to locate said button. Any of you others seen this mythical button? They did say it was very small...lol!
someuid
September 01, 2010 at 10:12am
Why aren't ISPs sniffing packets, looking for botnet workstations, then calling those customers and telling them "get it cleaned up or we'll cancel your account?" Afraid the user will move to a new company? Fine. Share your findings with your competitors and get everyone to agree to not open a new account with that person.
Seriously. If your car is a hazard, the police are not going to let you drive it on the road. If your computer is a hazard, it should be taken off the internet and not allowed on until repaired.
Mosher
September 01, 2010 at 2:03pm
I agree 100%.
To add my own idea, they should have an AV system for browsers that doesn't accept traffic from known malware hosting servers. That would have the server owners clamoring to clean up their act.
ShadowDragoonFTW
September 01, 2010 at 8:36am
It would be awesome if this really worked and SPAM slowly started becoming a thing of the past. It won't, of course, but one can always hope...
jlh304
September 01, 2010 at 9:42am
Yeah I wish this would have killed the beast, but leaving 10 servers up that can run and spread to others means they probably didn't do much.