Grum Botnet Taken Down

Holy crap on a cracker! I did not think this would happen any time soon. According to FireEye’s senior scientist Atif Mushtaq, about 50% of the world's spam is gone.

This week the Grum botnet was shut down. The criminals who ran the network of zombie computers had a 3-year run and made a last-ditch effort to build out new servers, but they were tracked down in a matter of hours and shut down.

Grum was first detected in 2008 and has infected hundreds of thousands of computers. Once installed on a computer it communicates with the master computer (Server) and then sends out the spam e-mail that it’s told to send out.

The key flaw in Grum was that there was no built-in backup. If all the servers were taken down at once, the controllers of the program would never be able to communicate with the infected computers again. So taking down all the servers at once was a key part of the success in killing Grum.

With servers located all over the world this task was not an easy one and removevirus.org gives mad props to the researchers who were able to make this happen.

Run Down of the Take Down

A Dutch internet provider took 2 of Grum’s primary servers offline. Next, a server in Panama was taken offline, and only one server in Russia was left, which had to handle all the load of the Grum botnet.

The makers of the program caught on to what was happening and quickly started a backup server in Ukraine. A Russian cyber security team was able to take down the Russian server and quickly acted to go after the backup servers in Ukraine. They were able to convince key providers to cut off the internet connection to the backup servers, and once those last servers were offline the makers could no longer tell the botnet what servers to connect to. This essentially killed the Grum botnet, as the zombie computers no longer know who to contact to get the spam to send out.

The makers now cannot tell computers where to go, as they have lost all control of the network of infected computers.

Spam volumes around the world have now plummeted 50% because many other spammers have gone underground as they feel the hunt for them is on. Most likely, over the coming months spam will start to kick back up.

With the controllers of Grum still out there, my personal feelings are they will simply start the whole process over but this time may attempt to build a better botnet that they can access even if servers go down. This is pure speculation on my end.
