Infoporn: the rise and fall of the UK's biggest spammer

At its peak, the Cutwail spam botnet sent 51 million emails every minute

In 2015, around 60 per cent of all emails in the world were spam. But a spam campaign is only as good as its data. If the emails aren't being opened, or are sent to addresses that no longer exist, then the scam fails. That's why you need a good botnet.

At its height, the Cutwail botnet, created by Russian hackers around 2007, was responsible for nearly half the world's spam, and had a network of two million infected computers sending 74 billion emails a day (8bn to the UK alone) from computers running Microsoft Windows.

Nominet, the UK's domain registry, has been monitoring Cutwail for years. "We see patterns in the traffic going in and out of our name-server infrastructure," says Nominet researcher Siôn Lloyd. "We can also see how much of our traffic is 'legitimate'."

Using its Turing data analysis system, Nominet was able to get to grips with how the botnet was behaving. "We have ways of visualising the data that makes these flaws stand out," says Lloyd. "Once we know what we're looking for we can isolate them."

By 2013, Cutwail had become the go-to method for sending spam, spreading alongside the Gameover ZeuS Trojan and CryptoLocker malware. Then, in May 2014, the FBI and other law enforcement agencies, including Europol, decided to shut it down.

The effect was almost immediate. Cutwail's scale collapsed, but so did its ability to send effective spam emails. As the lists of addresses it relied on went out of date, the hampered botnet slowed to a whimper. It still exists today, but Cutwail spam is far less likely to reach your inbox. WIRED tracks its rise and fall.

This article was originally published by WIRED UK