Cutwail spambot

This spambot attacked my company network and got the IP address of my email server (Exchange 2003) blacklisted. The effect of this spambot was that outbound email from my company email server was blocked from being sent outside my organization. As can be seen in the picture below, most of the queue connections on the email server were in the retry status.

exchange email queue

To check which IP address was getting blacklisted, I used 2 websites:


On this website, I found that my company IP addresses had been infected with the Cutwail spambot. This website also provides steps to find out where the culprit is.

To solve this problem, I created a new firewall rule on my Trend Micro OfficeScan server. This firewall rule blocks:

  • Port 25 to all client workstations
  • And the IP addresses that I found in The IP addresses are

After waiting 2 days, the culprit was finally found. There was one computer that was continuously making connections to IP addresses To clean up this computer, the first thing I had to do was disconnect the connection from this computer. After that, I deleted the spambot manually, because my antivirus could not detect it, and made sure there was no more spambot on this computer.

To make sure the spambot was gone, I checked the IP address reputation on the and, thank God, it shows that my IP reputation is good 😀

good IP reputation
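
The triage described in this post (block port 25 from the workstations, then watch which machine keeps trying to connect) can be scripted against the firewall log. The Python below is an added example, not part of the original post; the CSV log layout, the mail server address 10.0.0.5, the 10.0.0.0/8 internal range and every log line are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample log (hypothetical CSV export: time,src,dst,dport,action).
SAMPLE_LOG = """\
2013-05-02T09:00:01,10.0.0.5,198.51.100.20,25,ALLOW
2013-05-02T09:00:03,10.0.0.37,203.0.113.9,25,BLOCK
2013-05-02T09:00:04,10.0.0.37,203.0.113.77,25,BLOCK
2013-05-02T09:00:09,10.0.0.12,198.51.100.80,443,ALLOW
2013-05-02T09:00:15,10.0.0.37,192.0.2.14,25,BLOCK
2013-05-02T09:01:02,10.0.0.12,10.0.0.5,25,ALLOW
2013-05-02T09:01:30,10.0.0.37,203.0.113.9,25,BLOCK
malformed line without enough fields
"""

MAIL_SERVERS = {"10.0.0.5"}  # assumed: the only host allowed to send SMTP out
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def smtp_suspects(log_text, mail_servers=MAIL_SERVERS, internal=INTERNAL_NET,
                  min_attempts=3):
    """Return [(src, attempts, distinct_destinations)] for internal hosts,
    other than the mail servers, that tried to reach external port 25."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed or truncated lines
        _, src, dst, dport, _ = row
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip lines whose address fields do not parse
        if dport != "25" or src in mail_servers:
            continue
        # Workstation -> internal mail server is normal client submission.
        if src_ip not in internal or dst_ip in internal:
            continue
        attempts[src] += 1
        dests[src].add(dst)
    hits = [(s, n, len(dests[s])) for s, n in attempts.items() if n >= min_attempts]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for src, n, d in smtp_suspects(SAMPLE_LOG):
        print(f"{src}: {n} outbound SMTP attempts to {d} distinct hosts")
```

A workstation that talks directly to many external mail hosts on port 25, while the legitimate mail server is excluded, is the pattern to look for; blocked attempts count too, since the bot keeps retrying after the rule is in place.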

