Aggressive Spam Bot Served by Compromised WordPress Websites


Svchost.exe processes created by malware

Security researchers from Dell SonicWall have identified an interesting spam bot that’s currently being distributed in the wild with the aid of compromised WordPress websites.

According to researchers, the malware is aggressive, and does little to try to hide its presence on a network. The threat is said to be similar to Cutwail, and it is served through drive-by downloads.

Once it infects a device, the malware abuses it to facilitate the distribution of other threat families.

Three svchost.exe processes are created on the infected computer and used for network communications. What’s interesting about the spam bot’s command and control server communications is that a large amount of traffic is used to disguise the more important information.

Additional technical details on the threat, detected by Dell SonicWall as Wigon.PH_44, are available on the SonicWALL Security Center’s website.
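For defenders, the svchost.exe processes described above are a practical hunting point. The following is an added example, not code from the article or from Dell SonicWall: it checks process-creation events against the usual baseline for a genuine svchost.exe (image in System32 or SysWOW64, parent services.exe, a `-k` service group on the command line). The event field names, paths and PIDs are constructed, and the article does not say which of these traits the malware's processes show.

```python
import ntpath

# Baseline for a genuine svchost.exe (general Windows behaviour, not from the article).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LEGIT_PARENT = "services.exe"

def svchost_anomalies(event):
    """Return the reasons a process-creation event does not fit the baseline."""
    image = event["image"].lower()
    if ntpath.basename(image) != "svchost.exe":
        return []  # only svchost.exe instances are in scope
    reasons = []
    if ntpath.dirname(image) not in LEGIT_DIRS:
        reasons.append("unexpected image path")
    if ntpath.basename(event["parent"].lower()) != LEGIT_PARENT:
        reasons.append("parent is not services.exe")
    if "-k" not in event["cmdline"].lower().split():
        reasons.append("no -k service group")
    return reasons

def triage(events):
    """Map PID -> reasons for every svchost.exe that deviates from the baseline."""
    findings = {}
    for ev in events:
        reasons = svchost_anomalies(ev)
        if reasons:
            findings[ev["pid"]] = reasons
    return findings

# Constructed sample events (hypothetical fields modelled on process-creation logs).
SYS32 = r"C:\Windows\System32\svchost.exe"
DROPPER = r"C:\Users\alice\AppData\Local\Temp\update.exe"  # hypothetical parent process
SAMPLE_EVENTS = [
    {"pid": 812, "image": SYS32, "parent": r"C:\Windows\System32\services.exe",
     "cmdline": SYS32 + " -k netsvcs"},
    {"pid": 4120, "image": SYS32, "parent": DROPPER, "cmdline": SYS32},
    {"pid": 4124, "image": SYS32, "parent": DROPPER, "cmdline": SYS32},
    {"pid": 4128, "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "parent": DROPPER, "cmdline": "svchost.exe"},
    {"pid": 5000, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```

These checks are heuristics for triage: a hit means the process deserves a closer look, and a clean result does not rule out code injected into a legitimately started svchost.exe.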
