/>
X
Innovation

Cutwail botnet spamming 'IRS unreported income' themed malware

Researchers from MX Logic -- now part of McAfee -- have intercepted a new malware campaign spammed by the Pushdo/Cutwail botnet, that's using an 'IRS unreported income' notices in an attempt to trick the recipients into downloading a tax-statement.exe executable.
Written by Dancho Danchev, Contributor on

Researchers from MX Logic -- now part of McAfee -- have intercepted a new malware campaign spammed by the Pushdo/Cutwail botnet, that's using an 'IRS unreported income' notices in an attempt to trick the recipients into downloading a tax-statement.exe executable.

The Pushdo/Cutwail botnet remains among the most aggressively spamming cybercrime platforms, with the latest campaign traffic averaging about 90,000 emails per hour according to the company.

The latest campaign is dynamically including the recipient's email within the page, as well as the user name within the executable link in an attempt to establish authenticity, using the following URL structure - irs.gov.hyu11hep .eu/fraud_application/directory/statement.php. Upon execution, the executable (Trojan-Spy.Win32.Zbot.gen) downloads more malicious content from known crimeware command and control servers.

Pushdo/Cutwail was among the botnets whose operations were briefly disrupted in June, 2009's shutdown of the rogue ISP 3FN/Pricewert, resulting in a short-lived 15% drop in spam volume coming from it.

Editorial standards

Related

The 19 best Cyber Monday deals under $30
Amazon Fire TV Stick 4K

The 19 best Cyber Monday deals under $30

Live blog: 100+ of the best Cyber Monday deals
Large white Cyber Monday text with electronics behind it

Live blog: 100+ of the best Cyber Monday deals

The 51 best Cyber Monday deals on Amazon right now
Image of Amazon Echo Show 8 on a wooden table in front of a person cooking and folding pastry dough.

The 51 best Cyber Monday deals on Amazon right now