Sprawling spam botnet struck down
Grum responsible for more than 17% of spam worldwide, FireEye security firm says
CBC News
Posted: Jul 19, 2012 12:44 PM ET
Last Updated: Jul 27, 2012 11:54 AM ET
The Grum botnet was at one point responsible for more than 33 per cent of the world's spam, according to computer security experts. Recently, its share of the spam market had dropped to 17 per cent, but it was still the third-most active spam botnet out there. (iStock)
A California-based computer security company says it and several other experts have taken out a piece of malware responsible for more than 17 per cent of the world's spam.
FireEye wrote in a company blog Wednesday that all of the command and control servers deploying the Grum botnet had been disabled.
Several security experts had spent days playing a game of cat and mouse with the creators of the malware, shutting down servers in Panama and Russia only to have new ones pop up in the Netherlands and Ukraine.
In most cases, the security sleuths managed to convince the internet service providers hosting the servers to shut them down. In Russia, however, it was the upstream provider, which connects ISPs to the internet, that "null routed" — i.e. rendered useless — the IP address affiliated with the primary malware server in that country, wrote FireEye security researcher Atif Mushtaq.
Mushtaq said he co-operated with experts at the Switzerland-based Spamhaus and the Russian computer security incident response team CERT-GIB, as well as with an anonymous researcher known as Nova7, to rally the online community that tracks computer threats to put pressure on the ISPs hosting Grum servers.
Dates back to 2008
Grum has been active since as far back as 2008, an unusually long life for a botnet, Mushtaq said.
As of January 2012, Grum was responsible for 33.3 per cent of worldwide spam, according to data from M86 Security compiled by Mushtaq. But recently, its share of the spam market had dropped to 17.4 per cent, "making it the world's third-most active spam botnet after Cutwail and Lethic," Mushtaq wrote.
Mushtaq said the security community's success in taking down the botnet shows that with concerted effort, even ISPs in countries considered safe havens for those looking to set up command and control servers (CnCs) for malware can be pressured to help stop those flooding computer networks with malicious spam.
"There are no longer any safe havens," Mushtaq wrote. "Most of the spam botnets that used to keep their CnCs in the U.S.A. and Europe have moved to countries like Panama, Russia and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time. Keep on dreaming of a junk-free inbox."

