World's Third-Largest Spam Botnet Taken Down
By Barry Levine / CRM Daily
You know those tons of spam e-mail you've been getting about fake prescription drugs? A security firm has helped to take down the botnet behind it.

Last week, California-based FireEye Malware Intelligence Labs posted on its blog the command and control (CnC) coordinates of the large spam botnet called Grum. "The intention behind this article was not only to share this information for a general awareness," posted the company's Atif Mushtaq, "but also to invite the research community to come forward and take down this spam beast."

'Pulled the Plug'

And, he reported, that's what happened, except it wasn't the research community but Dutch authorities who did the deed. Mushtaq reported that they have "pulled the plug on two of the CnC servers pointing to IP addresses and"

He added that these two CnC servers were "responsible for pumping spam instructions to their zombies." In this case, zombies refer not to undead humans, but to undead computers that have been commandeered by malware to resend spam, often without their users' knowledge.

With the servers offline, Mushtaq said, the spam template inside Grum would "soon time out and the zombies will try to fetch new instructions" but would not be able to find them.

But, Mushtaq reported earlier this week, Grum's master CnC servers, based in Panama and Russia, were still up -- so Mushtaq published their information as well. He said that the ISPs handling those servers were contacted with abuse notifications, which were ignored. From these master servers the bot herders could still push updates to their zombies, which would reconstitute the spam network.

'Killing the Beast'

Then, on Thursday, Mushtaq posted that the server in Panama had been taken down, the result of the ISP eventually succumbing to community pressure. But then, he wrote, "right in front of my eyes, the bot herders started pointing their botnet" to six new servers in the Ukraine, which has been a safe haven for botnets in the past.

He passed the information on to spam-fighting organizations, such as Spamhaus, which then communicated with their contacts in the Ukraine and Russia. As of the end of this week, all six new servers in the Ukraine and the original server in Russia have been taken down.

This Grum-bashing from FireEye took place in the latest of a series of its blog articles called "Killing the Beast," which focus on the CnC coordinates of major spam botnets. Two previous spam botnet takedowns have been credited to these articles.

The Grum botnet, according to Mushtaq, is over 4 years old, and has recently been responsible for about 17 percent of the world's spam. This makes it the third-largest botnet in the world, after the ones called Cutwail and Lethic.

This is actually a diminished status for Grum, since it had been the No. 1 spam botnet as of January of this year, accounting for about a third of all e-mail spam on the planet.

Image credit: iStock/Artist's concept.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.