A blog post from FireEye Malware Intelligence Lab has confirmed that the world’s third-largest botnet, Grum, has been shut down thanks to the efforts of security researchers.
Grum was shut down after all of the command and control (CnC) servers were turned off by the hosting companies at the request of the security specialists. Initially it was thought that turning off the CnC servers in Panama and Russia would be enough to take the botnet down, but after the Panamanian servers were shut down, the “bot herders” switched over to six new servers based in Ukraine.
The security researchers managed to contact the server hosts and, in the case of the Russian server, the upstream provider, and had all the servers killed as of 18 July. Spam tracking nonprofit Spamhaus reports that the botnet’s 120,000 active IP addresses have been reduced to 21,505. The number will hopefully drop further, “…once the spam templates expire.”
The blog post says, “Grum’s takedown resulted from the efforts of many individuals. This collaboration is sending a strong message to all the spammers: ‘Stop sending us spam. We don’t need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don’t send us spam.’”
Source: Ars Technica