
DainBramaged

(39,191 posts)
Thu Jul 19, 2012, 01:21 PM

World's No. 3 spam botnet gasps dying breath after tense takedown (no spam since yesterday for me)

Security researchers said they dismantled the world's No. 3 spam botnet after convincing the companies that hosted its command and control servers to pull the plug on the operation.

Atif Mushtaq, senior staff scientist at security firm FireEye, said in a blog post that the botnet known as Grum drew its last dying breath on Wednesday, after six servers in Ukraine and one in Russia were shut down. In a tense faceoff with whitehats, the botnet operators had deployed those servers following the disconnection earlier this week of separate servers in the Netherlands and Panama. Faced with the threat of losing a 100,000-computer network that generated an estimated 18 billion spam messages a day, the Grum operators were desperately trying to transition to those machines when they stopped working.

"Grum's takedown resulted from the efforts of many individuals," Mushtaq wrote. "This collaboration is sending a strong message to all the spammers: 'Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don't send us spam.'"

Responsible for about 18 percent of the world's junk messages, Grum was ranked as the No. 3 source of spam.

http://arstechnica.com/security/2012/07/grum-botnet-gasps-dying-breath/


denverbill

(11,489 posts)
1. Good. I'm sure they'll be back in a few days though.
Thu Jul 19, 2012, 01:46 PM

I don't understand how these guys can get away with this for so long.

Posteritatis

(18,807 posts)
5. There's generally a small core of spammers doing the bulk of the emailing at any one time
Fri Jul 20, 2012, 01:03 AM

Five to ten make up the overwhelming majority of it most of the time, and the botnets those guys use take some time to get established. Taking over twenty, thirty, a hundred thousand computers and getting them all to behave the same way isn't easy, even with security in the state it is these days. The main spamming networks are vast, highly decentralized, and designed to withstand a lot of damage before they cease operating. This one had command and control servers in four or five countries, remember.

Individual spammers come and go, yes, but the big, top-tier botnets are more on the scale of months to get properly set up. Taking out Grum's actually a pretty big deal, and will take some pressure off the net as a whole for a while.

 

HopeHoops

(47,675 posts)
2. Now they'll go after the No. 2 and then the No. 2 that follows, and the No. 2 after that...
Thu Jul 19, 2012, 02:39 PM

Sorry, couldn't help using the analogy to al Qaeda.

 

DCKit

(18,541 posts)
4. I got it. Funny!
Fri Jul 20, 2012, 12:20 AM

The unending supply of #2s is surely an AQ plot to take over our PCs.

Either that, or they've got zombies.

Matariki

(18,775 posts)
3. Yay.
Thu Jul 19, 2012, 02:40 PM

Now if someone would take down the pesky annoyance known as 'Binu B Aryan' who's been sending me incomprehensible spam for YEARS about 'open tonnage' (???) and that always seems to work its way through my filters, I'd be very happy...
