Spam Botnet also Ships Worm

Monday, January 28, 2013 @ 01:01 PM gHale


While it has been up and down over the past six years, the Cutwail/Pandex botnet continues to send out spam every day.

Spam is the main reason the botnet continues to go strong: it sends out millions of messages per day, and it occasionally harvests information such as email addresses to include in new spam campaigns.


As happened with the Virut botnet a week ago, this botnet was just rented out to cyber crooks who wanted to infect computers with malware like the backdoor Cridex worm, said researchers at Symantec.

“The attackers have managed to host a malicious HTML file at a legitimate web site, which has been compromised. This file would then redirect the user to a Blackhole exploit kit, which would deliver W32.Cridex to the compromised computer,” Symantec researchers said.

The victims would go to the compromised web site if they clicked on links contained in bogus spam emails.

The majority of computers enslaved in the Cutwail botnet are at this time located in the U.S., India, the Russian Federation and Mexico. The servers hosting the Blackhole exploit kit are in Germany, the Russian Federation and Lithuania.


