Grum Botnet Taken Down

Security firm FireEye recently announced that all known command and control servers for the Grum botnet have been taken offline.

"Grum was the world's third-biggest botnet and responsible for 18 per cent of global junk mail around the time of its takedown, or 18 billion spam messages a day," writes The Register's John Leyden. "The zombie network has been around for around five years and most often associated with rogue pharmacy and fake Rolex spam."

"Like previous operations, a coordinated effort targeting the Grum command and control servers helped to quickly strangle the network," writes Geek.com's Lee Mathews. "On Monday and Tuesday, servers in the Netherlands and Panama were taken offline. However, Grum’s criminal controllers fought back by quickly re-routing communications to six new servers in Ukraine. With help from Russian cybersecurity firm CERT-GIB and an anonymous researcher operating under the handle Nova7, those were taken out by mid-day on Wednesday."

"When the appropriate channels are used, even ISPs within Russia and Ukraine can be pressured to end their cooperation with bot herders," FireEye senior staff scientist Atif Mushtaq wrote in a blog post. "There are no longer any safe havens. Most of the spam botnets that used to keep their CnCs in the USA and Europe have moved to countries like Panama, Russia, and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time. Keep on dreaming of a junk-free inbox."