
Dutch Law Begins Dismantling Grum Spam Botnet

Dutch authorities have taken out two of the command and control (C&C) servers used by a “spam beast” botnet known as Grum, a security firm has noted.

Those two servers were used for sending instructions to bots, meaning that the world’s third largest spam botnet is likely to be cut off soon.

“With these two servers offline, the spam template inside Grum’s memory will soon time out and the zombies will try to fetch new instructions but will not be able to find them,” explained Atif Mushtaq, from the FireEye Malware Intelligence Lab, in a blog post.

“Ideally this should stop these bots from sending more spam. I am sure the absence of the spam sent by the world’s third largest spam botnet will have a significant impact on the global volume.”

Not over yet

However, the botnet will not be completely killed off until master servers in Panama and Russia are disconnected. Grum has no fallback mechanism, meaning once the master servers are dead, there is no coming back.

The ISPs hosting the master servers were sent notifications of malicious behaviour on their infrastructure, which were ignored.

“This means that using these two live servers, the bot herders might try to recover their botnets by executing a worldwide update. No action has been taken by the bot herders so far. There is complete silence from their side,” Mushtaq added.

“Any attempt to recover this botnet will be noticed. I don’t know if the security community will eventually be able to take down the rest of the Grum botnet, but we are trying and trying very hard. We did not give up after the first failed attempt and will continue to contact the Russian and Panamanian authorities through different channels.”

Grum is a four-year-old botnet that has managed to avoid being taken down, despite the recent demise of some of the biggest malicious networks, including Storm and Mega-D. The latest data from M86 Security showed it was responsible for 17.4 percent of worldwide spam traffic.

Only Cutwail and Lethic send more spam, but Grum was the top spam source back in January, when it was responsible for sending out over a third of all spam.

Spam has seen a dip over the last year, following action against some massive botnets. Other recent major takedowns have included Rustock and Kelihos.

Although dismantling infrastructure kills off specific botnet operations, arrests are viewed by the security community as the true panacea for the problem.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
