The Cutwail botnet, an old-timer which has been around for almost 6 years, is still continuing to pump out and several new campaigns have been detected. Cutwail, also known as Pushdo and Pandex, is known for producing massive amounts of spam and conducting DDoS attacks and is made up of millions of computers. In 2010, the botnet launched attacks against hundreds of major retail, social networking and government sites including Paypal, the FBI, Twitter, and the CIA. It has survived the massive takedowns that have hit other major .
Recently researchers have detected a variety of new spam campaigns coming from Cutwail. Among them are attacks disguised as fake Facebook friend requests (if the user clicks on the embedded link to accept the request, they are brought to a fake Facebook login page and their details stolen), and malware laden ACH transfer cancellations and order confirmations for airline ticket reservations. These attacks are meant to alarm recipients and/or peak their curiosity and click on the provided , which lead to malicious websites that attempt to download Trojans that add the victim’s computer to the botnet.
Currently the sites the malicious spam messages point to are hosting SpyEye, a dangerous type of malware designed to steal login credentials and other personal information such as banking info and launch transactions with that info. Bobax is a Trojan that sends information about the computers it infects to its command and control servers, scans the computer’s data for email addresses to harvest, and uses the infected system to pump out spam.