Pushdo / Cutwail: A Study of the Pushdo / Cutwail Botnet

Date Added: May 2009
Format: PDF

The Pushdo botnet has been with us since January 2007. The botnet is also known as Pandex or Cutwail. Not only is Pushdo responsible for a huge amount of spam activity, it is also one of the primary conduits through which other criminal gangs spread their malware creations. As a result, many different detections exist for variants of this threat, the majority of which are so-called "generic detections". Pushdo components are almost all memory resident, with very few being written to disk, which makes the job of security companies much more difficult when attempting to detect them. While monitoring a system infected with Cutwail, the study generated statistics on the number of emails the threat would send per hour, per day, etc., to better understand how the threat operates.