The researchers recently ran some Grum samples and noticed several new command and control servers for the botnet -- the spam campaigns generated by the botnet deliver pharmaceutical spam linking to several Russian domains.
While the spam volume from Grum is currently a shadow of what it was before the July 2012 takedown, TrustWave SpiderLabs' Rodel Mendrez writes, the botnet is clearly making a comeback.
"Perhaps bot herders behind Grum botnet are slowly rebuilding it again," Mendrez writes. "We’ve been involved in helping various botnet takedowns before, but most of the time, the effect is temporary. It seems this botnet is deeply rooted, that you couldn't take it down by its branch and fruit, but by its roots."