Aggressive Spam Bot Served by Compromised WordPress Websites

Researchers say the threat is similar to Cutwail

By on January 20th, 2014 20:46 GMT

Security researchers from Dell SonicWall have identified an interesting spam bot that’s currently being distributed in the wild with the aid of compromised WordPress websites.

According to researchers, the malware is aggressive, and does little to try to hide its presence on a network. The threat is said to be similar to Cutwail, and it is served through drive-by downloads.

Once it infects a device, the malware abuses it to facilitate the distribution of other threat families.

Three svchost.exe processes are created on the infected computer and used for network communications. What's interesting about the spam bot's command and control traffic is that a large volume of filler traffic is generated to mask the more important exchanges.

Additional technical details on the threat, detected by Dell SonicWall as Wigon.PH_44, are available on the SonicWALL Security Center’s website.

Update. Dell SonicWall researchers confirm that the spam bot is a newer version of Cutwail.

Svchost.exe processes created by malware