Botnet creators return with Bredolab trojan

computer gasmasks

This month has seen a large surge in spam carrying a trojan called Bredolab, with a security researcher suggesting this was due to cyber criminals trying to regrow the Cutwail botnet.

Paul Wood, a senior analyst at Symantec, said that Bredolab has existed since April and May in relatively small numbers, but its use had dramatically grown in the last month.

Bredolab is a downloader used to "drop" malware on machines and could be used to infect computers to add to the Cutwail botnet.

It was found in attachments coming from spam mail sent by computers under the Cutwail botnet, which has seen its own numbers decrease in the past year due to ISP shutdowns.

The Cutwail botnet decreased from sending around 45 per cent of spam at the beginning of the year to only 11 per cent in September.

Wood said this could mean that the Cutwail malware authors were trying to respread Cutwail to make up for its losses.

"Cutwail is one of those botnets earlier [that] in the year was very large, but it's been overtaken by a number of other botnets," he said.

"There's definitely some activity to try and increase its coverage," he added.