Grum Zombie Botnet Shut down, Says Spam-Fighting Researcher Atif Mushtaq

The Internet Patrol - Patrolling the Internet for You

Grum, the world’s third-largest botnet, has been shut down, according to Atif Mushtaq, one of the security researchers who helped take the botnet offline. Mushtaq, who works for the “malware intelligence lab” FireEye, announced the good news on the security company’s blog yesterday after two intense days battling Grum. As a result of the Grum shutdown, you may see less spam pushing cheap “Cilais,” “Vigara,” or “Levtira” (misspellings of Cialis, Viagra, and Levitra, respectively) and fewer unwanted messages advertising Rolex watches. With a command and control server in the Netherlands, and additional servers in countries such as Panama and Russia, taking down Grum required international coordination and effort.

Grum was responsible for about 18 percent of the world’s spam, sending up to 18 billion unsolicited emails a day that advertised products like fake Rolex watches and various erectile dysfunction pills. If you use email, you are almost certainly all too familiar with these annoying messages. Hopefully you aren’t seeing them in your actual inbox; at worst, spam messages should land in the spam folder of your email program.


As a botnet, Grum was a network of so-called “zombies,” computers infected with malware that allows criminals to engage in all manner of cybercrime, including sending spam messages and stealing personal information. A computer joins the zombie network when an unsuspecting user opens a malicious file or clicks on a pernicious link. Once a computer is infected, having joined the zombie army, as it were, it can be forced to perform automated tasks, like sending spam to inboxes all over the world. It is worth noting that the vast, overwhelming majority of zombied computers are Windows computers, which is one of the main reasons that we advocate using a Mac or Linux computer.
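The article describes spam zombies only in prose, so here is an added, defender-side example (not code from the article, FireEye or the Grum takedown) of how a network administrator might spot a machine that has joined such a zombie army. A single zombie sending spam typically opens outbound SMTP connections (port 25) to far more distinct mail servers than an ordinary workstation ever would, so the script below counts distinct SMTP destinations per source host in a flow log and flags those over a threshold. The log format, the sample records, the IP addresses (all from documentation ranges), the threshold and the idea of an allow-list for the organization’s own legitimate mail relay are all assumptions made for this example.

```python
"""
Flag hosts that behave like spam-sending zombies based on the number of
distinct outbound SMTP destinations they contact.

Everything here is a constructed example: the flow-log layout, the sample
records, the threshold and the relay allow-list are assumptions, not data
from the article or from any real network.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample flow log: timestamp, source IP, destination IP, destination port.
# 10.0.0.5 fans out to five different mail servers (zombie-like behaviour);
# 10.0.0.8 is the organisation's own mail relay, so high fan-out is expected;
# 10.0.0.12 talks to a single mail server; 10.0.0.20 only uses HTTPS.
SAMPLE_FLOWS = """\
2012-07-16T10:00:01 10.0.0.5  203.0.113.10 25
2012-07-16T10:00:02 10.0.0.5  203.0.113.11 25
2012-07-16T10:00:02 10.0.0.5  198.51.100.7 25
2012-07-16T10:00:03 10.0.0.5  198.51.100.9 25
2012-07-16T10:00:05 10.0.0.5  192.0.2.44   25
2012-07-16T10:00:05 10.0.0.5  203.0.113.10 25
2012-07-16T10:01:00 10.0.0.8  203.0.113.10 25
2012-07-16T10:01:01 10.0.0.8  198.51.100.7 25
2012-07-16T10:01:02 10.0.0.8  192.0.2.44   25
2012-07-16T10:01:03 10.0.0.8  192.0.2.45   25
2012-07-16T10:02:00 10.0.0.12 203.0.113.10 25
2012-07-16T10:02:10 10.0.0.20 203.0.113.50 443
2012-07-16T10:02:11 10.0.0.20 203.0.113.51 443
2012-07-16T10:02:12 10.0.0.20 203.0.113.52 443
2012-07-16T10:02:13 10.0.0.20 203.0.113.53 443
"""


def parse_flows(text):
    """Parse whitespace-separated flow records into (timestamp, src, dst, dport) tuples.

    Blank lines and '#' comment lines are skipped; the assumed layout is
    ISO timestamp, source IP, destination IP, destination port.
    """
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records


def smtp_fanout(records, smtp_port=25):
    """Map each source host to the set of distinct SMTP servers it connected to.

    Distinct destinations, not raw connection counts, are used because a
    legitimate client retrying one mail server should not look like a zombie.
    """
    fanout = defaultdict(set)
    for _ts, src, dst, dport in records:
        if dport == smtp_port:
            fanout[src].add(dst)
    return fanout


def flag_spam_zombies(records, max_distinct_mx=3, allowed_relays=()):
    """Return {host: distinct_smtp_destinations} for hosts exceeding the threshold.

    Hosts listed in allowed_relays (the organisation's real mail servers,
    which legitimately talk to many remote MXes) are exempt from flagging.
    """
    flagged = {}
    for src, destinations in smtp_fanout(records).items():
        if src in allowed_relays:
            continue
        if len(destinations) > max_distinct_mx:
            flagged[src] = len(destinations)
    return flagged


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for host, count in flag_spam_zombies(flows, allowed_relays={"10.0.0.8"}).items():
        print(f"{host} contacted {count} distinct SMTP servers; investigate as a possible spam zombie")
```

Run against the constructed log with `10.0.0.8` allow-listed, only `10.0.0.5` is reported. In practice the threshold would be tuned to the environment, and the cheapest mitigation for workstations is simply to block outbound port 25 at the network edge except from the approved mail relay, which both stops a zombie from spamming and makes any attempt to do so show up in the firewall log.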

It was not easy to shut down Grum, requiring as it did the work of multiple researchers and the cooperation of Internet service providers (ISPs) in several countries. The first two servers that controlled the botnet (each called a “command and control” server, or CnC) fell in the Netherlands on July 16. The next Grum servers to go were located in Panama, one of the two main places (the other was Russia) from which the international botnet operated. If the fall of the Dutch servers represented a light shove to Grum, then the collapse of the Panamanian server was a full-blown punch, knocking out one part of the botnet’s operation completely.

However, the criminals behind the botnet quickly set up new servers in Ukraine, a safe haven for cyber crime. It is not easy to take down servers located in Ukraine, but the team working on this noble project was able to take down the six new Ukrainian servers, as well as the original server in Russia, by presenting evidence to their contacts in these countries. By the morning of July 18, just two days after the two Dutch servers fell, the Grum botnet had been successfully taken down.


2 thoughts on “Grum Zombie Botnet Shut down, Says Spam-Fighting Researcher Atif Mushtaq”

  1. Of course the Ukraine is also a major IT center with many of the best programmers in the world, sought after by western corporations. The Ukrainian government will not jeopardize the reputation of the country and its growing IT industry.

  2. So if I can read this post, and got here from Facebook, I can presume my PC is not affected. (Proof!) I went to 2 or 3 sites that check your computer over the past 2 mos, and back then, they said I was clean.
