World's 3rd biggest botnet now offline, security company says

Internet users can now expect a significant drop in spam messages as the world's third largest botnet has been knocked offline, a security firm said.

 

FireEye Malware Intelligence Lab said the botnet, dubbed "Grum," was finally brought down after three days of concerted effort.

 

"According to data coming from Spamhaus, on average, they used to see around 120,000 Grum IP addresses sending spam each day, but after the takedown, this number has reduced to 21,505. I hope that once the spam templates expire, the rest of the spam with fade away as well," it said in a blog post.

 

All the known command and control (CnC) servers are dead, leaving their zombies orphaned, it added.

 

It said the botnet had servers in Panama that were shut down following pressure on its Internet service provider (ISP) from the community.

 

Panama was one of the major segments of the botnet along with Russia, it noted.

 

However, it said the bot herders moved quickly and started redirecting to new secondary servers in Ukraine.

 

"Ukraine has been a safe haven for bot herders in the past and shutting down any servers there has never been easy," it said.

 

But FireEye contacted Spamhaus, CERT-GIB, and an anonymous researcher who passed on the information to their contacts in Ukraine and Russia.

 

"As a result of this overnight operation, all six new servers in Ukraine and the original Russian server were dead as of July 18, at 11:00 AM PST," it said.

 

On the other hand, it said the primary server located in Russia was not taken down by its ISP, GAZINVESTPROEKT LTD, but their upstream provider null-routed the IP address.

 

FireEye also said Grum's takedown stemmed from the efforts of many individuals, which it said sends a strong message to all the spammers. — TJD, GMA News