Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Cutwail botnet spamming 'IRS unreported income' themed malware

By Dancho Danchev | September 10, 2009, 11:43am PDT

Summary: Researchers from MX Logic — now part of McAfee — have intercepted a new malware campaign spammed by the Pushdo/Cutwail botnet, that’s using an ‘IRS unreported income‘ notices in an attempt to trick the recipients into downloading a tax-statement.exe executable. The Pushdo/Cutwail botnet remains among the most aggressively spamming cybercrime platforms, with the latest campaign traffic [...]

Researchers from MX Logic — now part of McAfee — have intercepted a new malware campaign spammed by the Pushdo/Cutwail botnet, that’s using an ‘IRS unreported income‘ notices in an attempt to trick the recipients into downloading a tax-statement.exe executable.

The Pushdo/Cutwail botnet remains among the most aggressively spamming cybercrime platforms, with the latest campaign traffic averaging about 90,000 emails per hour according to the company.

The latest campaign is dynamically including the recipient’s email within the page, as well as the user name within the executable link in an attempt to establish authenticity, using the following URL structure - irs.gov.hyu11hep .eu/fraud_application/directory/statement.php. Upon execution, the executable (Trojan-Spy.Win32.Zbot.gen) downloads more malicious content from known crimeware command and control servers.

Pushdo/Cutwail was among the botnets whose operations were briefly disrupted in June, 2009’s shutdown of the rogue ISP 3FN/Pricewert, resulting in a short-lived 15% drop in spam volume coming from it.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Mozilla patches 'drive-by download' security flaws

Citizens Financial sued for insufficient E-Banking security

Topics

Malware, Internal Revenue Service, Spam, E-mail, Spyware, Adware & Malware, Security, Spam And Phishing, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Full Bio
Disclosure
Contact

Vendor HotSpot

The 360° Conversation around Cloud Computing

TECH VISUALIZER brings the social conversation to life... powered by Brocade

Learn More »

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

TR Community scoreboard for March 2, 2012

Ask a Question Start a Discussion

2

Comments

Add Your Opinion

Join the conversation!

Follow via:: RSS; Email Alert

Just In

RE: Cutwail botnet spamming 'IRS unreported income' themed malware

birumut Updated - 2nd May 2011

Great!!! thanks for sharing this information to us!
seslisohbet seslichat

Please Select
Please Select

0 Votes

+ -

Additional URL used in similar emails

michaelbreton 16th Sep 2009

http://www.irs.gov.mdtsrv.me/fraud_application/directory/statement.php?email=emailaddress&tid=supposed-taxpayer-ID

This one was just received today (9/16)

Reply
Flagged

0 Votes

+ -

RE: Cutwail botnet spamming 'IRS unreported income' themed malware

birumut Updated - 2nd May 2011

Great!!! thanks for sharing this information to us!
seslisohbet seslichat

Reply
Flag

Join the conversation!

Subject (Max length: 75 characters)

Formatting + Comment

BB Codes - Note: HTML is not supported in forums

[b] Bold [/b]
[i] Italic [/i]
[u] Underline [/u]
[s] Strikethrough [/s]
[q] "Quote" [/q]

[ol][*] 1. Ordered List [/ol]
[ul][*] · Unordered List [/ul]
[pre] Preformat [/pre]
[quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Vendor Showcase

TECH VISUALIZER Sponsored by Brocade

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources

Solve the 6 Top Problems in Your Data CenterWhat are the top 6 problems in your data center and how do you solve them? ... (Hewlett-Packard (HP))Download Now
Office 365 Migration Guide: Approaches, Techniques and ChallengesNo Headache, No Hassles Microsoft 365 Migration

Your company is ... (Quest Software)Download Now
The Best Ways to Migrate Lotus Notes Applications to SharePoint and Office 365Migrating Notes to SharePoint Online/Microsoft Office ... (Quest Software)Download Now

A CNET Professional Brand

ZDNet

Log In | Join | Site Assistance | Follow via Twitter Facebook Email

All of ZDNet
Reviews
Downloads

Featured Articles

Top Productivity Apps for the iPad 3

Top Productivity Apps for the iPad 3

The new iPad is a good tool for getting things done.

Facebook Lockdown: The Definitive Guide

Facebook Lockdown: The Definitive Guide

Facebook's privacy and security settings have changed massively.

A power user's guide to Windows 8

A power user's guide to Windows 8

Ed Bott reveals small but useful hidden shortcuts, surprises, and secrets.

Love stinks: The worst mergers in tech

Love stinks: The worst mergers in tech

Corporate mergers can end in utter disaster.

Services

Popular on CBS sites: US Open | PGA Championship | iPad | Video Game Reviews | Cell Phones

© 2012 CBS Interactive. All rights reserved. Privacy Policy | Ad Choice | Terms of Use

Around the network