Third Largest Botnet Ring Shut Down

The Grum botnet, known among security researchers as the third-largest spam ring, was crippled on Wednesday after most of its command and control (C&C) servers were shut down.

The shutdown came about as a joint effort by Dutch Internet service providers and multiple security firms, including Milpitas, Calif.-based FireEye. They worked to power down the final two Dutch servers and one Panamanian server associated with the ring.

"The takedown, while long overdue, is another welcome example of what the security industry can accomplish cooperatively and without the aid of law enforcement officials," said Brian Krebs, a computer security expert and blogger.

Surfacing in 2008, the Grum botnet had control of hundreds of thousands of computers, which it used to send out pharmaceutical spam. At its height, the Grum botnet was thought to be responsible for 17 percent of all worldwide unsolicited e-mail.

However, while most of the Grum botnet servers have been shut down, it might not be out for good. Security experts believe that the Grum worm may continue, providing the basis for a new botnet. Moreover, a targeted server in Russia managed to survive. Those running the malware ring managed to avert the shutdown of the final C&C server.

"After seeing the Panamanian server had been shut down, the bot herders moved quickly and started pointing the rest of the CnCs to new secondary servers in Ukraine," said FireEye's Atif Mushtaq, in a blog post. "So at one point, I was thinking that all we needed was to take down one Russian server, but right in front of my eyes, the bot herders started pointing their botnet to new destinations."

These destinations, according to Mushtaq, were located in the Ukraine, which he said has traditionally been a "safe haven for bot herders." Mushtaq and his team quickly compiled the evidence of their exact location and forwarded it to a handful of security experts in the Ukraine area, who moved quickly to shut down the six servers that had sprung up overnight.

While Mushtaq said he believes that the botnet ring is currently dead, many security experts warn that Grum may be back because no suspects connected with the malware have been detained or charged.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
