Cutwail is a trojan dropper. It is capable of installing other malwares on the compromised computer. Cutwail may install malicious toolbars, fake security tools and similar computer parasites. Cutwail is unable to do serious harm on its own, nevertheless it is very dangerous. Programs installed by this trojan may steal personal information or direct user into buying corrupt programs or services.
More about Cutwail Botnet
Cutwail trojan, detected as Win32/Cutwail by Microsof, is compatible with Windows 2000, Windows XP and Windows Server 2003. Emerged in 2007, it was regarded as one of the most prominent spam botnets of 2009. Its second biggest wave occurred in early October of 2014. This malware installs such viruses as Zeus trojan and FakeAv malware on the compromised systems. The presence of Cutwail botnet on one’s PC can also result in the Upatre-Dyre, another trojan’s, infection. Additionally, it is the type of virus, which can carry out DDoS (Distributed Denial of Service) attacks on various websites. Regarding the history of DDoS attacks performed by Cutwail botnet, there were various web pages of governmental agencies of different countries affected. Among the domains targeted there have also been a few commercial sites compromised.
The executable files of Cutwail botnet and the directories they are put in:
%System%imPlayok.exe
%System%pmpviotnY.exe
%System%reader_s.exe
%System%reader_s.exe
%System%wuaucldt.exe
%User Profile%imPlayok.exe
%User Profile%pmpviotnY.exe
%User Profile%reader_s.exe
%User Profile%wuaucldt.exe
The potentially malicious Urls Cutwail trojan connects to:
{BLOCKED}.{BLOCKED}.76.194
{BLOCKED}.{BLOCKED}.62.66
{BLOCKED}.{BLOCKED}.220.203
{BLOCKED}.{BLOCKED}.187.4
black.{BLOCKED}antom.com
{BLOCKED}ash.com
The registry keys, which enable Cutwail to be loaded upon every boot-up of the system:
HKEY_CURRENT_USERSoftwareMicrosoft
WindowsCurrentVersionRun
syncman = “%User Profile%wuaucldt.exe”HKEY_LOCAL_MACHINESOFTWAREMicrosoft
WindowsCurrentVersionRun
syncman = “%System%wuaucldt.exe”HKEY_CURRENT_USERSoftwareMicrosoft
WindowsCurrentVersionRun
reader_s = “%User Profile%reader_s.exe”HKEY_LOCAL_MACHINESOFTWAREMicrosoft
WindowsCurrentVersionRun
reader_s = “%System%reader_s.exe”HKEY_CURRENT_USERSoftwareMicrosoft
WindowsCurrentVersionRun
pmpviotnY = “%User Profile%pmpviotnY.exe”HKEY_LOCAL_MACHINESOFTWAREMicrosoft
WindowsCurrentVersionRun
pmpviotnY = “%System%pmpviotnY.exe”HKEY_CURRENT_USERSoftwareMicrosoft
WindowsCurrentVersionRun
imPlayok = “%User Profile%imPlayok.exe”HKEY_LOCAL_MACHINESOFTWAREMicrosoft
WindowsCurrentVersionRun
imPlayok = “%System%imPlayok.exe”
Cutwail virus can also steal your login details, FTP credentials.
The Manner Cutwail Botnet is Distributed
Cutwail trojan spreads attached to other programs that are usually installed manually. It may present itself as a video codec in order to attract people. It also comes bundled with software installs distributed on P2P networks and illegitimate websites. In addition to this, Cutwail malware can be dropped on the computer systems by other malware threats. What is more, this virus can also be enclosed into the spam e-mails of fake invoices. These spam e-mails contain the following malicious URLs:
http://andreahanksphotography[.]com/docs/
http://bachatdeal[.]com/docs/
http://binuli[.]ge/docs/
http://brideinthewilderness[.]com/docs/
http://www.aurorasurgery[.]org/docs/
http://www.brianhomesinc[.]com/docs/
The following chart shows the main countries that send out spam with the Cutwail botnet:
While, on the other hand, the countries, which users have suffered the most from Cutwail botnet, are: the United States, China, Great Britain and Japan.
How to Know, Whether Cutwail is on Your Computer’s System or Not?
Cutwail hides its activities, but the user can learn about the infection easily because the botnet installs additional programs. If there are new programs on your computer that you haven’t installed, they might have been installed by Cutwail or other trojan of this kind.
Recommendations
The spam folder is not the place for your experimentation. If you cannot resist looking through spam e-mails, know that urls in the e-mail body and archive-file attachments, such as .zip or .rar files, can potentially contain such spambot as Cutwail. Furthermore, inspect every free download in the Custom/Advanced settings to uncheck every recommended install, because among such pre-added programs there can possibly be hidden this spambot as well.
If you notice unknown programs on your PC, which you do not remember having set up, it is a good idea to run a full system scan with one of the following malware removal scanners: Spyhunter or Stopzilla. Since Cutwail is an advanced malware threat and it can act as a rootkit, the only symptom that it is running on your computer’s system may be the notifications issued by your antivirus. Thus, it is really important to have a reliable one installed on the PC.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,