Servers of third-largest spam botnet shut

FRAMINGHAM, Mass. – Authorities in three countries have taken down a half-dozen command-and-control servers for the Grum botnet, crippling the world’s third-largest spam-spewing network.

A total of five servers in Panama and the Ukraine were taken down Tuesday, while the plug was pulled on two servers in the Netherlands over the last few days, Atif Mushtaq, a researcher at FireEye’s security lab, said.

FireEye, the Russian Computer Security Incident Response Team and the Spamhaus Project have been playing a cat-and-mouse game with the spammers, who have launched new servers when others are taken down.
RELATED CONTENT

“It’s a dogfight between the research community and the bot herders,” Mushtaq said. Bot herders refer to the operators of the network of malware-infected, commandeered computers in the botnet.

Grum is responsible for more than 17 percent of the world’s spam, according to Mushtaq. Most of the spam sells fake Rolex watches and Viagra.

As of late Tuesday, the master server and one command-and-control server were operating in Russia, where Mushtaq believes the spammers are headquartered.

FireEye has watched Grum since 2008, when it was only the seventh or eighth largest spam botnet. Since then, larger botnets, such as Kelihos, Rustock and Zeus, have been taken down, so Grum has climbed up the charts.

Over the last few years, the tech industry has become more aggressive in battling botnets. In March, Microsoft won court permission to seize the servers of the Zeus botnet, which cybercriminals used to steal $100 million over five years.
Most of the money came through stealing online banking and e-commerce credentials. Microsoft Corp. also was involved in the takedown of servers in the Kelihos, Rustock and Waledac botnets.

The amount of spam flowing into people’s inboxes has fallen at least 60 per cent since the peak in 2008, Mushtaq said. Many ex-spammers have switched from running huge botnets that attract the attention of authorities to operating small networks aimed more at infecting computers with information-stealing malware.

“These guys have learned they need to fly under the radar,” Mushtaq said. “Making one huge botnet will make them very visible.”

Spammers also are turning from PCs to Android devices in building botnets for sending pharmacy, penny stock and e-card spam emails. Microsoft reported this month seeing spam sent from Android devices spewing from Yahoo email servers. The infected devices were located in Ukraine, Russia, Chile, Argentina, Venezuela, Indonesia, Thailand, Philippines, Lebanon, Oman and Saudi Arabia.

The consequence of sending spam from a mobile device is a higher wireless bill for the owner. Thousands of spam messages flowing from a device means a big jump in data traffic, which can lead to additional charges when volume surpasses a person’s data plan.

 
(From CSO)

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now