Researchers Identify Notorious Botnet Operator Codenamed “Google”

Security researchers have identified the person responsible for about 22% of all spam on the Internet. Ironically, the individual responsible for running the operation through the so-called “Cutwail” botnet goes by the codename “Google.” Krebs On Security cracked the case on the malicious hacker responsible for much of the spam that cripples inboxes across the Internet.

Investigators discovered hundreds of chat logs between “Google” and Dmitry Stupin, the co-founder of a spam operation called “SpamIt.” These logs, discovered on Stupin’s computer by Russian investigators, gave a detailed look into how “Google” ran Cutwail and how he built the largest spam network on the planet.

Cutwail, SpamIt & Russian Spammers

Cutwail operates by using the botnet as an engine that it rents to a community of spam affiliates, according to research done by the University of California, Santa Barbara and Ruhr-University Bochum in Germany. Clients are provided with a Web interface in English and Russian that makes it easy to create spam.


Image: Worldwide spambots in December 2011 from M86 Security.

“Google” rose to fame with Cutwail by affiliating it with SpamIt. Cutwail at first spammed about stocks but found in 2007 that the conversion rate for those was low and switched to pharmacy-related spam. Later, “Google” and Stupin created a scheme to sell original equipment manufacturer software, such as pirated copies of Windows. This new scheme was dubbed “Warezcash.” A meeting was arranged between “Google” and Stupin, and the chat logs give “Google’s” mobile phone number.

This is where “Google’s” identity starts to unravel. The phone number, along with a previously known email address, was used to trace Web site registrations for multiple domains such as antirookit.ru and lancelotsoft.com. These domains were registered to a person named Dmitry S. Nechvolod, who is presumed to be “Google.”

Krebs notes that Dmitry S. Nechvolod is not necessarily the real name of “Google.” It could be a fake or a redirection. Krebs does say there are strong connections based on payment information given by “Google” to SpamIt. The account in a virtual currency called “WebMoney” to which SpamIt sent money for “Google” was registered to a person named “Nechvolod Dmitry Sergeyvich.”

Cutwail Evolves

The Cutwail botnet has morphed over the years. It started simple, with stocks and then pharmacy-related spam. It later moved to OEM software before sending phishing emails with malware attachments from the Zeus and SpyEye Trojans, according to Krebs. Airline tickets, Facebook notifications and other various schemes came later. Cutwail has more recently moved on to “ransomware” attacks, in which a malicious hacker takes over a user’s files and attempts to blackmail the recipient to get them back.

Cutwail is still alive and active. After the takedown of the Rustock botnet, it was Cutwail’s time to shine. There is good news, though, in the global war on spam. 2011 saw some of the lowest levels of email-related spam in the last decade, at 70% of all email volume in November 2011, according to Symantec (see above image). That is down from its peak of 90%. Part of the decrease is the increased efficiency of security researchers in identifying and taking down botnets. Spammers have also moved to social networks like Twitter, Facebook, Google+ and the comments of popular blogs.
