Spam Halved With Grum Takedown

Share This Post

An international effort by spam fighters has taken down the infamous Grum botnet, slashing in half the worldwide amount of spam e-mail. Grum’s last servers were taken offline in Russia last week, effectively killing the botnet that has no fallback mechanism, said Atif Mushtaq, a researcher at FireEye’s security lab, which collaborated with the Russian Computer Security Incident Response Team and the Spamhouse Project in battling Grum. At its height, Grum was the world’s largest spam botnet, since January. Before the takedown, the botnet’s120,000 malware-infected, active computers were spewing 18 billion spam e-mail a day, or roughly a third of the world’s spam, said Trustwave. The impact of Grum’s collapse went beyond the spambot. Stopping Grum caused a slowdown in the world’s largest spam botnet, Lethic, Mushtaq said Thursday. “Due to this [international] community reaction, Lethic has gone underground for awhile.” With Grum down and Lethic quiet, the total amount of the world’s spam has been cut in half, at least temporarily, said Mushtaq. Aside from the numbers, the spam-fighters’ success is expected to have a chilling effect on Russian and Ukrainian spam operations, which can no longer assume the countries offer a safe haven, due to weak laws.

Security Teams Unite to Fight

The Grum operation was done without any involvement by law enforcement, showing that security researchers working together can also be effective in fighting botnets, which besides spam are used in denial of service attacks against websites.

With security researchers globally watching them, cybercriminals now have to deal with far more adversaries than in the past. “That will have a huge impact on the mindset of bot herders, and that may be the reason Lethic is going underground,” Mushtaq said. Bot herder is the name given to people who control hijacked computers, or bots, in an illicit network. Grum’s death leaves tens of thousands of inactive, malware-infected computers. But without the original master computer and the IP addresses of the infected systems, the botnet is unlikely to be resurrected. “There’s no way to hijack this botnet,” Mushtaq said. “[the computers] are lost to us and to bot herders.” The Grum-killing operation started about two weeks ago when authorities in the Netherlands pulled the plug on two servers. This led to other servers in Panama being taken offline early this week. In a cat-and-mouse game with spam fighters, the Grum operators launched more servers in Russia and the Ukraine. A service provider in Russia took the last of those computers off the Internet on Wednesday. How long spam numbers will remain down is unclear. Spammers are sure to start filling the gap at some point. “Major takedowns can have a perceptible impact for weeks, even months, but that doesn’t mean it will be the case here,” David Harley, senior research fellow at ESET, said in an e-mail.  

Stay Ahead: Join the EwtNet Insider Email Club!

Stay informed and up-to-date with EwtNet's email subscription. Join our exclusive community and receive curated news, updates, and insights tailored to your interests.

Related Posts

How to Send Your Boss an Anonymous Email

What's the best way to communicate with your boss?...

Yahoo acknowledges Yahoo Mail hack

Have your friends recently texted you about spam originating...

Protect your devices from Web and email threats

Smartphones and tablets are vulnerable to attack, too. Here's...

Send Email Like a Pro

Email often straddles a fine line between help and...
- Advertisement -

Discover more from EwtNet

Subscribe now to keep reading and get access to the full archive.

Continue reading