Web Hosting Security

  Home arrow Web Hosting Security arrow World`s Third-Largest Botnet Bites the...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

World`s Third-Largest Botnet Bites the Dust
By: Terri Wells
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1

    Table of Contents:

    Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article



    If you've noticed a reduction in spam recently, you're not imagining things. Yesterday, FireEye Malware Intelligence Lab announced that they'd just knocked out the Grum botnet, responsible for sending out twenty percent of the world's unsolicited bulk email. It took three days of concentrated effort.

    FireEye reported the full story on this challenge. The botnet included command and control servers in Panama, Russia, and the Netherlands. It was the latter CnC server that FireEye managed to get shut down first; then the one in Panama closed as a result of “pressure applied by the community,” according to FireEye.

    The bot herders tried to regroup in the Ukraine, but FireEye managed to contact Spamhaus and several others with the evidence needed to get the servers shut down. “According to data coming from Spamhaus, on average, they used to see around 120,000 Grum IP addresses sending spam each day, but after the takedown, this number has reduced to 21,505. I hope that once the spam templates expire, the rest of the spam will fade away as well,” FireEye reported.

    Those 120,000 IP addresses don't show the full extent of the Grum botnet; they only tell the story of the active zombies sending spam. “In many corporate and ISP environments, outgoing email traffic is blocked by default so a big portion of the Grum botnet never sends any spam, but the bot herders use them for hosting their promotional websites,” FireEye explained.

    Before the shutdown, Grum's botnet was second only to the Cutwail and Lethic botnets in size, though about seven months ago it was “the world's most active spam generator,” according to PC Magazine. The takedown of the Grum botnet seems to have had another interesting side effect: “spam activity from the world's largest spam botnet, Lethic, has declined noticeably,” FireEye researcher Atif Mustaq told PC Magazine.

    Many people and organizations were involved in the takedown of the Grum botnet. Mustaq thanked Carel Van Straten and Thomas Morrison from Spamhaus, Alex Kuzmin from CERT-GIB, and Nova7, an anonymous security researcher, for their help in this task. While the zombies themselves may remain infected, it will be hard for the botnet herders to rebuild. FireEye's spokesperson observed that “The botnet does not have any apparent fall back mechanisms that would allow it to spin back up easily in the days to come.” That's good news for all of us who have to deal with spam-filled inboxes.

    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More Web Hosting Security Articles
    More By Terri Wells


    - For Online Security, Invest in People
    - World`s Third-Largest Botnet Bites the Dust
    - Yahoo Security Breach Highlights Poor Practi...
    - How to Prevent Mobile Malware
    - FBI Issues Internet Security for Travelers a...
    - More of the Top Internet Scams
    - How to Stop Phishing Scams
    - Social Networking Safety Tips
    - How to Avoid Financial Fraud Online
    - Android`s Most Notorious Trojans and Viruses
    - GFI Report Details Top 10 Threat Detections ...
    - Sophos Releases Security Threat Report 2012
    - Facebook Safety Tips for 2012
    - Email Scam Hits Apple Users
    - Tips for Mobile Security

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap