World’s Third-Largest Spam Botnet Knocked Offline For Good

Salutations, My Dearest One: I am writing to you this blog post with joy and happy feelings in my heart, bringing news that will be of great interest and benefit to you. I write to you now because of the urgency of our situation: the world’s third-largest spam botnet was knocked offline today — for good.

Yup. After a three-day effort, FireEye Malware Intelligence Lab succeeded in bringing down Grum, the malicious spam botnet that immediately before its demise was ranked behind only the Cutwail and Lethic botnets in size — and as recently as January was thought to be the most active spam generator in the world.

Until just days ago, Grum’s servers in Russia, Panama and the Netherlands were thought to be in control of as many as 100,000 infected “zombie” PCs, bots from which Grum was spewing out a whopping 18 per cent of the world’s internet spam. Between Monday and Tuesday, Grum’s servers in the Netherlands and Panama were brought down, buckling under pressure from the local community and authorities alike, leaving the remains of the botnet’s now-crippled infrastructure isolated in Russia.

Or so the FireEye team thought. After the takedown of the two Dutch servers, six new Grum servers cropped up in Ukraine, an erstwhile safe haven for botnet servers, where takedowns are known to be difficult.

But as of yesterday, Grum was dealt its final blow, a spokesperson told PC Mag.

“FireEye, working with Russian CERT-GIB and Spamhaus, found each of these new CnC servers, took a heavy-handed approach in working with Russian ISPs and domain registrars, and took them down … signaling the full shut down of the botnet.”

The FireEye team has the whole operation documented on their blog. Well worth a read if you’re into spam and suspense. [FireEye via PCMag]