Third Largest Botnet Ring Shut Down

The Grum botnet, known among security researchers as the third-largest spam ring, was crippled on Wednesday after most of its command and control (C&C) servers were shut down.

The shutdown came about as a joint effort by Dutch Internet service providers and multiple security firms, including Milpitas, Calif.-based FireEye. They worked to power down the final two Dutch servers and one Panamanian server associated with the ring.

"The takedown, while long overdue, is another welcome example of what the security industry can accomplish cooperatively and without the aid of law enforcement officials," said Brian Krebs, a computer security expert and blogger.

Surfacing in 2008, the Grum botnet had control of hundreds of thousands of computers, which it used to send out pharmaceutical spam. At its height, the Grum botnet was thought to be responsible for 17 percent of all worldwide unsolicited e-mail.

However, while most of the Grum botnet servers have been shut down, it might not be out for good. Security experts believe that the Grum worm may continue, providing the basis for a new botnet. Moreover, a targeted server in Russia managed to survive. Those running the malware ring managed to avert the shutdown of the final C&C server.

"After seeing the Panamanian server had been shut down, the bot herders moved quickly and started pointing the rest of the CnCs to new secondary servers in Ukraine," said FireEye's Atif Mushtaq in a blog post. "So at one point, I was thinking that all we needed was to take down one Russian server, but right in front of my eyes, the bot herders started pointing their botnet to new destinations."

These destinations, according to Mushtaq, were located in the Ukraine, which he said has traditionally been a "safe haven for bot herders." Mushtaq and his team quickly compiled the evidence of their exact location and forwarded it to a handful of security experts in the Ukraine area, who moved quickly to shut down the six servers that had sprung up overnight.

While Mushtaq said he believes that the botnet ring is currently dead, many security experts warn that Grum may be back because no suspects connected with the malware have been detained or charged.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
