Security Gurus Knock Out Grum Botnet, Curtail Spam by 18 Percent
Posted 07/19/2012 | by Paul Lilly

If your junk mail folder seems smaller as of late, there's good reason for that. Computer security experts collaborated to take down Grum, the world's third largest botnet, which they say was serving up 18 percent of spam around the globe by way of 18 billion spam messages every 24 hours. A few more victories like that and it may become easier to buy a fake Rolex the old-fashioned way -- from seedy-looking individuals wearing trench coats.

Security firm FireEye has been preaching about the importance of focusing on known command and control (CnC) servers, and that strategy seems to be paying off. Shutting down Grum took a concerted effort from multiple agencies, as the botnet maintained CnC servers in three different locales. The takedown started by neutralizing Grum's servers in the Netherlands and Panama, after which new servers popped up in Russia and Ukraine.

FireEye Malware Intelligence Lab researcher Atif Mushtaq kept at it, tracing Grum's whereabouts and alerting the proper people. His efforts paid off, and as of Wednesday morning, "all six new servers in Ukraine and the original Russian server [along with the Dutch server] were dead," Mushtaq stated in a blog post.

It's probably only a matter of time before Grum (or something similar) rears its ugly head again, but it's not as simple as creating a new server. According to Mushtaq, the cyber criminals responsible for Grum would have to build an entirely new botnet and infect hundreds of thousands of machines for a repeat performance.

Image Credit: Flickr user SeeMidTN.com