You may notice a dramatic slump in the amount of spam in your inbox over the coming weeks: what’s claimed to have been the world’s third-largest botnet has been taken down.
According to the team that dealt with it, Grum controlled at least 100,000 PCs and accounted for 18 percent of the world’s spam – around 18 billion messages a day. Only Cutwail and Lethic were bigger.
“I am glad to announce that, after three days of effort, the Grum botnet has finally been knocked down,” says Atif Mushtaq of security firm FireEye. “All the known command and control (CnC) servers are dead, leaving their zombies orphaned.”
It took three days to gain complete control because of the resilience of the botnet and its masters. Command-and-control servers in Panama and the Netherlands were taken out first, but were replaced by new servers in Russia later that day.
But FireEye and British spam-blocking company Spamhaus were able to track the servers down and work with Russian ISPs to block them.
“When the appropriate channels are used, even ISPs within Russia and Ukraine can be pressured to end their cooperation with bot herders. There are no longer any safe havens,” says Mushtaq.
“Most of the spam botnets that used to keep their CnCs in the USA and Europe have moved to countries like Panama, Russia, and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time. Keep on dreaming of a junk-free inbox.”