Botnet creators return with Bredolab trojan
The authors of the Cutwail botnet are fighting back to get more market share.
This month has seen a large surge in spam carrying a trojan called Bredolab, with a security researcher suggesting this was due to cyber criminals trying to regrow the Cutwail botnet.
Paul Wood, a senior analyst at Symantec, said that Bredolab has existed since April and May in relatively small numbers, but its use had dramatically grown in the last month.
Bredolab is a downloader used to "drop" malware on machines and could be used to infect computers to add to the Cutwail botnet.
It was found in attachments coming from spam mail sent by computers under the Cutwail botnet, which has seen its own numbers decrease in the past year due to ISP shutdowns.
The Cutwail botnet decreased from sending around 45 per cent of spam at the beginning of the year to only 11 per cent in September.
Wood said this could mean that the Cutwail malware authors were trying to respread Cutwail to make up for its losses.
"Cutwail is one of those botnets earlier [that] in the year was very large, but it's been overtaken by a number of other botnets," he said.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
"There's definitely some activity to try and increase its coverage," he added.
-
ITPro is 20!We take a look back on the past two decades since ITPro launched...
-
Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaignNews The tie-up includes a new model of industrialized ransomware deployment that significantly lowers the barrier to entry for cyber crime
-
Security experts sound alarm over 'expanded' China-linked botnet used to target US critical infrastructure and military assetsNews The China-linked botnet highlights risk of leaving routers and IoT devices unpatched
-
Thousands of Asus routers are being used to fuel a massive cyber crime spreeNews Black Lotus Labs has spotted a massive botnet of Asus routers built by malware that uses a common peer networking tool
-
Europol hails triple takedown with Rhadamanthys, VenomRAT, and Elysium sting operationsNews The Rhadamanthys infostealer operation is one of the latest victims of Europol's Operation Endgame, with more than a thousand servers taken down
-
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up stingNews Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year.
-
Horabot campaign targeted businesses for more than two years before finally being discoveredNews The newly-discovered Horabot botnet has attacked companies in the accounting, investment, and construction sectors in particular
-
Brand-new Emotet campaign socially engineers its way from detectionNews This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
-
Microsoft says “it’s just too difficult” to effectively disrupt ransomwareNews The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
-
Beating the bad bots: Six ways to identify and block spam trafficIn-depth Not all traffic is good. Learn how to prevent bad bots from overrunning your website