Holy crap on a cracker! I did not think this would happen any time soon. According to FireEye’s senior scientist Atif Mushtaq, about 50% of the world’s spam is gone.
This week the Grum botnet was shut down. The criminals who ran the network of zombie computers had a 3-year run and made a last-ditch effort to build out new servers, but they were tracked down in a matter of hours and shut down.
Grum was first detected in 2008 and has infected hundreds of thousands of computers. Once installed on a computer, it communicates with the master computer (server) and then sends out the spam e-mail that it’s told to send out.
The key flaw in Grum was that there was no built-in backup. If all the servers were taken down at once, the controllers of the program would never again be able to communicate with the infected computers. So taking down all the servers at once was a key part of the success in killing Grum.
With servers located all over the world, this task was not an easy one, and removevirus.org gives mad props to the researchers who were able to make this happen.
Run Down of the Take Down
A Dutch internet provider took 2 of Grum’s primary servers offline. Next, a server in Panama was taken offline, and only one server in Russia was left; it had to handle all the load of the Grum botnet.
The makers of the program caught on to what was happening and quickly started a backup server in Ukraine. A Russian cyber security team was able to take down the Russian server and quickly acted to go after the backup servers in Ukraine. They were able to convince key providers to cut off the internet connection to the backup servers, and once those last servers were offline the makers could no longer tell the infected computers which servers to connect to. This essentially killed the Grum botnet, as the zombie computers no longer know who to contact to get the spam to send out.
The makers now cannot tell the computers where to go, as they have lost all control of the network of infected computers.
Spam volumes around the world have now plummeted 50% because many other spammers have gone underground, as they feel the hunt for them is on. Most likely, over the coming months, spam will start to kick back up.
With the controllers of Grum still out there, my personal feelings are they will simply start the whole process over, but this time may attempt to build a better botnet that they can access even if servers go down. This is pure speculation on my end.