World's third largest spam botnet 'Grum' taken down

July 19, 2012, 12:00 PM

Security researchers announced they’ve dismantled the world's third-largest botnet, known as Grum, which is believed to have been responsible for 18% of the world's spam.

The shutdown was a joint effort between California security firm FireEye, the British-based Spamhaus Project, and the Russian-based Computer Security Incident Response Team known as CERT-GIB, who worked together to convince the companies that hosted Grum’s command and control servers to pull the plug on the operation.

Grum relies on two types of control servers: one to push configuration updates to the infected computers that are part of the botnet and another to tell the botnet what spam emails to send.

Initially, researchers from FireEye were able to take down two command and control (CnC) servers of the second kind, hosted in the Netherlands.

While this crippled the botnet’s operation, the remaining CnC servers, hosted in Russia and Panama along with a few in Ukraine that cropped up at the last minute in response to the previous shutdowns, could still be used to update the botnet and direct it to new spam template servers.

Fortunately, that didn’t happen, and yesterday Grum was dealt its final blow as members of the worldwide security industry collaborated to pressure local ISPs and domain registrars into shutting down the remaining servers.

The researchers said the botnet had been using as many as 120,000 infected "zombie" computers to send out spam each day. More than 20,000 computers are apparently still spewing out junk email, but without the active CnCs they will soon be rendered ineffective.

User Comments: 8

Littleczr said:

Good, too bad there are still more out there.

Guest said:

They "convinced" these companies to pull the plug on the Botnet? It should be illegal to knowingly allow these sorts of actions to passively occur in relevance to your company.

I just saw a post about spam posting as the "FBI" and saying that the computer has illegally downloaded material on it, and if you don't pay an upfront fine of $200 then further legal action will be taken. How much money is that robbing from our elderly and/or gullible citizens??? There needs to be set-in-place a multi-national funded organization to fight eCrime and physically have the right to go to any said nations to remove the issue.

What happens when someone creates a worm that takes down systems world-wide while self-protecting itself from anti-virus removal? With these sick people being protected within their borders, there is literally nothing to do about it?

Guest said:

It is very interesting. All these spam bot nets are getting supposedly taken down but I still get the penis enlargement pill spam. They are taking out the wrong bot nets. Also my spam still doesn't seem to lighten. Maybe they need to take Yahoo down or MSN. So my spam stops. Akamai anyone?

gwailo247, TechSpot Chancellor, said:

They "convinced" these companies to pull the plug on the Botnet? It should be illegal to knowingly allow these sorts of actions to passively occur in relevance to your company.

Because it's just an odd coincidence that these servers are hosted in completely corrupt nations?

ikesmasher said:

get the top two

Tygerstrike said:

Well, think about how much bandwidth these bot nets use. So every bot net that gets taken down frees up more bandwidth for everyone else. However, any company that would willingly allow any bot net to do business with them needs to have their business license pulled.

Guest said:

does it mean I got spam reduced by 18% on my inbox? :p

now, get the top two please..

Guest said:

Yahoo should reach out to all those disgruntled users complaining of hijacked accounts. Fixing these should at least convince other free mail providers to follow suit.
