Global spam botnet taken down

July 19, 2012 at 5:33 PM

MILPITAS, Calif., July 19 (UPI) -- Internet security experts say what is claimed to be the world's third-largest spam-generating botnet pushing fake prescription drugs has been shut down.

The botnet known as Grum controlled at least 100,000 PCs and accounted for 18 percent of the world's spam, some 18 billion messages a day inundating e-mail inboxes, TG Daily reported.

"I am glad to announce that, after three days of effort, the Grum botnet has finally been knocked down," Atif Mushtaq of California-based security firm FireEye said. "All the known command and control (CnC) servers are dead, leaving their zombies orphaned."

The security firm collaborated with British spam-blocking firm Spamhaus, computer experts and Internet service providers around the world in the take-down effort.

It took three days to gain complete control because of the resilience of the botnet and its masters, FireEye said.

Command-and-control servers in Panama and the Netherlands were taken out first, but were replaced by new servers in Russia later that day.

Mushtaq said his company and Spamhaus were able to track the servers down and work with Russian ISPs to block them.

"When the appropriate channels are used, even ISPs within Russia and Ukraine can be pressured to end their cooperation with bot herders," he said. "There are no longer any safe havens."

"Most of the spam botnets that used to keep their CnCs in the USA and Europe have moved to countries like Panama, Russia, and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time."
