Cutwail Botnet

Posted: Sunday, October 05, 2008
Posted by dcawley.

It looks like the Cutwail Botnet is attempting to increase its size at the moment. While checking our spam honeypot network for any interesting new attacks, I found a sample of a new attack with the latest version of the Trojan. In fact, it’s so new that many of the major anti-virus companies don’t have definitions against it as I write this post. I submitted the sample to virustotal, which is an excellent resource for classifying suspicious files and showing the definition coverage from various companies. Here’s a screen shot showing the coverage. Only 5 out of 36 companies detected the file submitted, indicating it’s very new! The sample I analyzed above was from which appears to be a member of the Cutwail Botnet, and it’s busy recruiting new members which can then be used to send spam. I should point out that it’s a high volume attack as […]

Political Spam – Georgia Conflict

Posted: Sunday, August 17, 2008
Posted by dcawley.

I thought it worth discussing the spam e-mails being sent related to the conflict in Georgia. So far, our spam traps show two very different types of spam mailings related to the issue, which appear to have very different purposes. The most recent messages I’ve seen are in German and originate from the Cutwail botnet. Typically, spam messages are used to promote a product or aim to infect even more machines. Interestingly, in this case it’s neither – it’s a political message which actually links to a YouTube video of a Fox News broadcast. The Subject line is “Wahrheit uber Goergien Konflikt”, which translates as “Truth about Georgia Conflict”. It makes claims that YouTube have manipulated the visitor numbers so that the video isn’t popular (which I doubt). It goes on to state that we are not “media puppets” and we are opposed to “propaganda in the media” and […]