The world’s third-biggest spamming botnet has been killed off, thanks to a coordinated effort between security researchers.
Grum has been in decline for some time, having held the title of world’s biggest spamming botnet in January. This week saw Dutch law enforcement take out a key command and control (C&C) server, but the master servers remained active in Russia and Panama.
It looked as if the Grum masterminds had brought their creation back to life, when they set up six fresh C&C servers in Ukraine to replace those taken out in the Netherlands. Furthermore, the ISPs that were hosting the master servers had not responded to letters informing them of malicious activity on their infrastructure.
“After they got all the evidence from my side, they moved quickly passing this intelligence back to their contacts in Ukraine and Russia. As a result of this overnight operation, all six new servers in Ukraine and the original Russian server were dead as of today, 18 July,” Mushtaq wrote in a blog post.
“The primary server located in Russia was not taken down by their ISP, GAZINVESTPROEKT LTD. It was their upstream provider who finally came in and null routed the IP address at our request.”
Many now expect to see a dip in spam as a result of Grum’s demise. The latest figures from M86 Security showed it was responsible for 17.4 percent of worldwide spam traffic. Data from Spamhaus showed that prior to the takedown, Grum consisted of around 120,000 bots pushing out spam, but there were most likely more bots connected to the malicious network.
Mushtaq said the collaborative effort showed how, even in countries where ISPs are less cooperative with the good guys, botnet infrastructure could be dismantled. “When the appropriate channels are used, even ISPs within Russia and Ukraine can be pressured to end their cooperation with bot herders,” he added.
“There are no longer any safe havens. Most of the spam botnets that used to keep their CnCs in the USA and Europe have moved to countries like Panama, Russia, and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time. Keep on dreaming of a junk-free inbox.”
Spam has seen a dip over the last year, following action against some massive botnets. Other recent major takedowns have included Rustock and Kelihos.