One of the largest spam botnets has been dismantled, at least according to security researchers.
The Grum botnet had the last of its command and control servers taken offline several weeks ago. This included six located in the Ukraine and one in Russia, says FireEye senior staff scientist Atif Mushtaq in a blog post.
FireEye was part of a collaborative group of security experts who launched a takedown of the Russian command and control server. When the group failed to get a response from the hosting provider for the Russian server, they contacted its ISP, which eventually intervened and stopped routing traffic for the server’s IP address.
The grim news about Grum is good news for the rest of us.
At its peak, Grum was responsible for close to 18 percent of the world’s spam and had control of at least 100,000 active infected machines. This put Grum in third place in terms of unique IP addresses.
Cisco, meanwhile, has another number to chew on. It says over 100 billion spam messages are distributed worldwide in a given day. So, if you do the math, the 18 percent of global spam messages that Grum spits out translates into 18 billion spam messages a day.
Grum catchers included FireEye, the nonprofit Spamhaus Project, the Computer Security Incident Response Team of Russian security firm Group-IB and others.
What’s interesting about this collaborative group is how it was able to get cooperation from the Russian and Ukrainian governments – a rarity and perhaps a sign that these locations might no longer be safe havens for cybercriminals and spammers in the future.
- Grum, World’s Third-Largest Botnet, Knocked Down [FireEye]
- Cisco IronPort SenderBase Security Network [Cisco]