Category MALICIOUS IP: Cutwail Spambot on IP (Kyrgyzstan)
Pushdo Malware and Zeus Botnet - Dictionary Attacker

The IP Address is listed in the CBL (Composite Blocking List). It appears to be infected with a spam sending trojan, proxy or some other form of botnet. It was last detected at 2014-03-15 04:00 GMT (+/- 30 minutes), approximately 5 hours ago.

This IP is infected (or NATting for a computer that is infected) with the Cutwail Spambot. In other words, it's participating in a botnet.

Cutwail is a complex infection and requires a number of steps to ensure that it's eradicated.

First, Cutwail spams out very high volumes, and is one of the the largest vectors of malware on the Internet, and almost every cutwail infection also has a copy of the Pushdo (DDOS by web transaction) malware and/or the Zeus botnet. The Zeus botnet controls the Cutwail/Pushdo pair as well as does information stealing/keyboard logging. Hence, this is a very severe threat - not just to the owner of the infected computer, the other members of your internal network (if you have one) but the rest of the Internet too.

Second, there are two methods for detecting cutwail. One of the methods is by detecting the spams that cutwail sends. The other method does not work that way. This means that even if you block outbound port 25 from non-mail-servers on your local network, you can still detect a cutwail infection on your local network. This means that if you implement port 25 restrictions, you should implement logging so that you can detect what internal machines are being blocked by it and are thereby probably cutwail infections.


A small report on this IP can be seen by clicking the .txt. Icon:

Document hosting:

Keine Kommentare:

Kommentar veröffentlichen