Last week it was reported that the Pushdo botnet, used to send spam using the Cutwail spamming module, was taken down, thanks to the efforts of several security researchers. Thirty command-and-control (C&C) servers of the Pushdo/Cutwail botnet were identified, almost 20 of which were taken down after their Internet hosting providers were notified.
So far, the takedown appears to have been effective. Our monitoring indicates that the volume of spam sent using the Cutwail bots has significantly decreased. Our monitoring of the C&C servers Pushdo used indicates that the botnet has fallen silent since the takedown.
It’s too early to tell whether this particular takedown will have real long-term effects. There have been many takedowns before, such as that of McColo in late 2008. However, in many of these cases, the affected botnets were able to recover and resume their operation within weeks.
Taking down botnets is a good thing but is not enough to stop the spam pandemic. The issue here is that while this botnet may have been crippled, the spammers behind it are still at large and can continue to create botnets in the future. Spammers like these must be arrested and should spend time in jail if we are to have any real chance of winning this war on cybercrime. Trend Micro will continue to work closely with law enforcement to ensure that criminals like these are put behind bars.
Last year, our researchers looked into the activities of the Pushdo/Cutwail botnet and released their findings in the paper “A Study of the Pushdo/Cutwail Botnet.”