“Google” Instigating Cutwail Botnet
According to a revelation by M86 Security, the Cutwail botnet appears to have come to the fore after the disappearance of the Rustock botnet. Various versions of the Cutwail botnet consistently contribute 22% of global spam on a daily basis. It has also come to notice that the Cutwail botnet operation is carried out under the codename "Google".
The Krebs on Security website has recently scrutinized the case of the malicious hacker held responsible for much of the spam e-mail circulating on the Internet.
Innumerable chat logs of the communication between "Google" and Dmitry Stupin, the co-founder of "SpamIt," another spam operation, were recovered during the investigation. These logs, retrieved from Stupin's computer by Russian investigators, made possible a detailed analysis of the way in which "Google" runs the Cutwail botnet and the procedure undertaken to build the largest spam network.
According to the research, Cutwail operates by using the botnet as an engine that is hired out to a community of spam affiliates.
Affiliation with SpamIt enabled "Google" to gain popularity with the Cutwail botnet. Initially, "Google" was occupied with stock spamming, but gradually shifted to pharmacy spamming. Later on, "Google" and Stupin created a scheme for selling original equipment manufacturer (OEM) software, mostly pirated copies of Microsoft Windows and other high-priced software titles. The scheme was later codenamed "Warezcash."
"Google's" identity came to light during this operation. The logs recovered from Stupin show his belief that "Google" would not be able to undertake such a big operation, as he is just 25 years old. Stupin and "Google" agreed to hold a detailed discussion in Moscow over the Warezcash OEM partnership. The chat log reveals "Google's" instruction to Stupin to proceed with the communication by mobile phone.
The mobile number is tied to historic website registration records for several domains, including electronicinfinity.ru, hoha.ru, einfinity.ru, lancelotsoft.com, antirootkit.ru, and ssbuilder.ru. Each of the records lists "Dmitry S Nechvolod" as the initial registrant.
It is worth mentioning that for many years Cutwail has been one of the top three most inexhaustible spam botnets. Cutwail is assumed to have started off as a popular means of sending male enhancement and OEM software spam. Recently, however, it has morphed into one of the major spam cannons for spreading malicious software.
» SPAMfighter News - 11-01-2012