{
	"id": "05f3f05f-2238-4db0-9c33-4373d89eb11f",
	"created_at": "2026-04-06T01:31:24.875564Z",
	"updated_at": "2026-04-10T03:20:26.859433Z",
	"deleted_at": null,
	"sha1_hash": "e12d525d8562dad0510feb31f54e2ba014c119e5",
	"title": "Cutwail botnet resurfaces in major Facebook scam-paign",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38218,
	"plain_text": "Cutwail botnet resurfaces in major Facebook scam-paign\r\nPublished: 2011-08-30 · Archived: 2026-04-06 00:31:39 UTC\r\nCutwail – aka Pushdo and Pandex - Infosecurity notes, was first seen in 2007 and is a botnet that controls large\r\nvolume swarms for DDoS attacks and spam email generation.\r\nIn June of 2009, it was estimated that Cutwail was the largest botnet in terms of the amount of infected hosts. At\r\nthe time, MessageLabs estimated that the total size of the botnet was around 1.5 to 2 million individual computers,\r\ncapable of sending around 74 billion spam messages every day.\r\nIn February of last year, the botnet was seen to diversify when it started a DDoS attack against 300 major sites,\r\nincluding the CIA, FBI, Paypal and Twitter.\r\nAccording to Phil Hay of M86 Software, this latest incarnation of Cutwail is generating spam messages to\r\nFacebook users without any attachments.\r\nThe message, he says in his latest security posting, arrives as a fake Facebook friend invite notification that\r\nappears to be convincing since it is a clone of the real Facebook invite, but with malicious links. The message,\r\nnotes Hay, doesn’t contain any profile photos, and they have omitted the recipient’s email address in the fine print\r\nat the bottom.\r\n“Clicking the link fetches a web page that contains two ways you can infect yourself. First, there is a link\r\npretending to be an Adobe Flash update where you can download and install malware manually. 
Second, there is a\r\nhidden iframe that loads data from a remote server hosting the Blackhole Exploit Kit, which attempts to\r\nautomatically exploit vulnerabilities on your system, notably Java”, he asserts.\r\nHay notes that the malware that is downloaded appears to be a Zbot/Zeus variant.\r\n“Impersonation of the big social networks’ email notifications is an increasingly common tactic of the spammers.\r\nBe wary out there, not everything is as it seems”, he says.\r\nSource: https://www.infosecurity-magazine.com/news/cutwail-botnet-resurfaces-in-major-facebook-scam/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.infosecurity-magazine.com/news/cutwail-botnet-resurfaces-in-major-facebook-scam/"
	],
	"report_names": [
		"cutwail-botnet-resurfaces-in-major-facebook-scam"
	],
	"threat_actors": [],
	"ts_created_at": 1775439084,
	"ts_updated_at": 1775791226,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e12d525d8562dad0510feb31f54e2ba014c119e5.pdf",
		"text": "https://archive.orkl.eu/e12d525d8562dad0510feb31f54e2ba014c119e5.txt",
		"img": "https://archive.orkl.eu/e12d525d8562dad0510feb31f54e2ba014c119e5.jpg"
	}
}