Researchers from MX Logic -- now part of McAfee -- have intercepted a new malware campaign spammed by the Pushdo/Cutwail botnet, that's using an 'IRS unreported income' notices in an attempt to trick the recipients into downloading a tax-statement.exe executable.
The Pushdo/Cutwail botnet remains among the most aggressively spamming cybercrime platforms, with the latest campaign traffic averaging about 90,000 emails per hour according to the company.
The latest campaign is dynamically including the recipient's email within the page, as well as the user name within the executable link in an attempt to establish authenticity, using the following URL structure - irs.gov.hyu11hep .eu/fraud_application/directory/statement.php. Upon execution, the executable (Trojan-Spy.Win32.Zbot.gen) downloads more malicious content from known crimeware command and control servers.
Pushdo/Cutwail was among the botnets whose operations were briefly disrupted in June, 2009's shutdown of the rogue ISP 3FN/Pricewert, resulting in a short-lived 15% drop in spam volume coming from it.