Researchers Say They Took Down World’s Third-Largest Botnet

[ronjor]

Quote:

By NICOLE PERLROTH

On Wednesday, computer security experts took down Grum, the world’s third-largest botnet, a cluster of infected computers used by cybercriminals to send spam to millions of people. Grum, computer security experts say, was responsible for roughly 18 percent of global spam, or 18 billion spam messages a day.

http://bits.blogs.nytimes.com/2012/0...argest-botnet/

[siljaline]

Also from: SecurityWeek

Quote:

Researchers at malware intelligence firm FireEye are reporting that Dutch authorities have pulled the plug on two secondary servers used by the Grum botnet. The removal of the servers shines light on how quickly some law enforcement agencies work, given that proof of their existence is just over a week old.

Last week, FireEye published the details on four servers, actively controlling the Grum botnet. These servers, two in the Netherlands, one in Panama, and one in Russia, were split into primary and secondary roles. The backup C&Cs were located in the Netherlands, and once word of their existence was released, Dutch authorities quickly seized them.

[Baserk]

The Grum botnet seems completely kaput by now. On the FireEye blog, Atif Mushtaq wrote;

'I am glad to announce that, after three days of effort, the Grum botnet has finally been knocked down. All the known command and control (CnC) servers are dead, leaving their zombies orphaned.
How it all happened is a long story, but I would like to summarize it for you.
The state of the Grum botnet has changed since we last talked (see previous posts here and here for a look back). On July 16, I reported that while CnC servers in Panama and Russia were alive, shutting down the Dutch server had at least made a dent in this botnet. On the morning of July 17, I got the news that the server in Panama was no longer active. The ISP owning this server at last buckled under the pressure applied by the community. It was great news. The shutdown of the Panamanian server meant a lot. I explained in my earlier post that Grum was comprised of two different segments. One was being controlled from Panama and one from Russia. ...' link

[Cudni]

Always good to hear this kind of news.

[sukarof]

If this is true: Kudos to them! Way more cool than make one

[Dermot7]

Quote:

As expected, the operators behind Grum are trying their best to reclaim their botnet. In the absence of any built-in fallback mechanisms, the bot herders used another fallback mechanism that is called money. Over the weekend we found that the Ukrainian ISP SteepHost removed the null route on three CnCs that were taken down last week. We suspect the bot herders must have paid a large amount of money in order to get access to these servers.

http://blog.fireeye.com/research/201...ey-factor.html

[rollers]

I do hope it stays like that. The amount of spam in my gmail spam folder has dropped off to almost zero, only had one yesterday instead of the usual 15 to 20 a day.

[rollers]

Quote:

Originally Posted by rollers

I do hope it stays like that. The amount of spam in my gmail spam folder has dropped off to almost zero, only had one yesterday instead of the usual 15 to 20 a day.

Ok..................I take that back now, seems it was a temporary blip..........now back up to normal levels of junk again

[Chiron]

Quote:

Originally Posted by rollers

Ok..................I take that back now, seems it was a temporary blip..........now back up to normal levels of junk again

You may want to see my article about How to Report Spam. You may find it of some assistance.

[tomazyk]

Here is some interesting inside information regarding Grum takedown: http://techcrunch.com/2012/08/04/gru...spam-networks/

[Dermot7]

Quote:

KrebsOnSecurity has obtained an exclusive look inside the back-end operations of the recently-destroyed Grum spam botnet. It appears that this crime machine was larger and more complex than many experts had imagined. It also looks like my previous research into the identity of the Grum botmaster was right on target.

https://krebsonsecurity.com/2012/08/...e-grum-botnet/