Tech

Cutwail botnet spamming 'IRS unreported income' themed malware

Researchers from MX Logic -- now part of McAfee -- have intercepted a new malware campaign spammed by the Pushdo/Cutwail botnet, that's using an 'IRS unreported income' notices in an attempt to trick the recipients into downloading a tax-statement.exe executable.

Written by Dancho Danchev, Contributor Sept. 10, 2009 at 4:43 a.m. PT

Researchers from MX Logic -- now part of McAfee -- have intercepted a new malware campaign spammed by the Pushdo/Cutwail botnet, that's using an 'IRS unreported income' notices in an attempt to trick the recipients into downloading a tax-statement.exe executable.

The Pushdo/Cutwail botnet remains among the most aggressively spamming cybercrime platforms, with the latest campaign traffic averaging about 90,000 emails per hour according to the company.

The latest campaign is dynamically including the recipient's email within the page, as well as the user name within the executable link in an attempt to establish authenticity, using the following URL structure - irs.gov.hyu11hep .eu/fraud_application/directory/statement.php. Upon execution, the executable (Trojan-Spy.Win32.Zbot.gen) downloads more malicious content from known crimeware command and control servers.

Pushdo/Cutwail was among the botnets whose operations were briefly disrupted in June, 2009's shutdown of the rogue ISP 3FN/Pricewert, resulting in a short-lived 15% drop in spam volume coming from it.

Editorial standards

Show Comments

Cutwail botnet spamming 'IRS unreported income' themed malware

Related

Can Meta AI code? I tested it against Llama, Gemini and ChatGPT - it wasn't even close

Move over, Alexa and Homekit: A new Assistant is here to open-source your smart home

The best free AI courses (and whether AI 'micro-degrees' and certificates are worth it)