Security researchers announced they’ve dismantled the world's third-largest botnet, known as Grum, which is believed to have been responsible for 18% of the world's spam.
The shutdown was a joint effort between California security firm FireEye, the British-based Spamhaus Project, and the Russian computer security incident response team CERT-GIB, who together convinced the companies hosting Grum’s command and control servers to pull the plug on the operation.
Grum relies on two types of control servers: one to push configuration updates to the infected computers that are part of the botnet and another to tell the botnet what spam emails to send.
Initially, researchers from FireEye were able to take down two command and control (CnC) servers of the second kind, hosted in the Netherlands.
While this crippled the botnet’s operation, the remaining CnC servers hosted in Russia and Panama, along with a few in Ukraine that cropped up at the last minute in response to the earlier shutdowns, could still have been used to update the botnet and point it at new spam template servers.
Fortunately, that didn’t happen, and yesterday Grum was dealt its final blow as the worldwide security industry collaborated to apply pressure to local ISPs and domain registrars to shut down the remaining servers.
The researchers said the botnet had been using as many as 120,000 infected "zombie" computers to send out spam each day. More than 20,000 computers are apparently still spewing out junk email, but without active CnCs they will soon be rendered ineffective.