Dutch Law Begins Dismantling Grum Spam Botnet

Dutch authorities have taken out two of the command and control (C&C) servers used by a “spam beast” botnet known as Grum, a security firm has noted.

Those two servers were used for sending instructions to bots, meaning that the world’s third largest spam botnet is likely to be cut off soon.

“With these two servers offline, the spam template inside Grum’s memory will soon time out and the zombies will try to fetch new instructions but will not be able to find them,” explained Atif Mushtaq, from the FireEye Malware Intelligence Lab, in a blog post.

“Ideally this should stop these bots from sending more spam. I am sure the absence of the spam sent by the world’s third largest spam botnet will have a significant impact on the global volume.”

Not over yet

However, the botnet will not be completely killed off until master servers in Panama and Russia are disconnected. Grum has no fallback mechanism, meaning once the master servers are dead, there is no coming back.

The ISPs hosting those master servers were sent notifications of malicious behaviour on their infrastructure, but the notifications were ignored.

“This means that using these two live servers, the bot herders might try to recover their botnets by executing a worldwide update. No action has been taken by the bot herders so far. There is complete silence from their side,” Mushtaq added.

“Any attempt to recover this botnet will be noticed. I don’t know if the security community will eventually be able to take down the rest of the Grum botnet, but we are trying and trying very hard. We did not give up after the first failed attempt and will continue to contact the Russian and Panamanian authorities through different channels.”

Grum is a four-year-old botnet that has managed to avoid being taken down, despite the recent demise of some of the biggest malicious networks, including Storm and Mega-D. The latest data from M86 Security showed it was responsible for 17.4 percent of worldwide spam traffic.

Only Cutwail and Lethic currently send more spam, but Grum was the top dog back in January, when it was responsible for sending out over a third of all spam.

Spam has seen a dip over the last year, following action against some massive botnets. Other recent major takedowns have included Rustock and Kelihos.

Although dismantling infrastructure kills off specific botnet operations, arrests are viewed by the security community as the true panacea for the problem.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
