Spam Botnets Get SmackDown from Internet Security Experts - OhMyGov News

Spam has been knocked down!

By Jack B. Winn Jul 20 2012, 10:23 AM

Security researchers in the U.K. have struck a blow in the war against spam.

According to malware intelligence firm FireEye, Grum, a botnet responsible for an estimated 18 percent of the spam residing in users' inboxes, has been knocked down following a coordinated effort by multiple security companies and local ISPs in Panama, the Ukraine and Russia that effectively shut down the botnet's command and control systems (CNCs) in the three countries.

The beginning of the end kicked off when security experts at FireEye got news that a server in the Netherlands shut down one of the secondary servers Grum was using July 16. The following day, ISPs in Panama shut down Grum's primary server there, forcing Grum's creators to redirect their traffic to a secondary server in the Ukraine. With the help of anonymous contacts and partners from CERT-GIB and blocklist removal center Spamhaus, FireEye was able to exert pressure on ISPs in the Ukraine and neighboring Russia, effectively shutting down Grum--at least for the meantime.

At the time of the takedown, Grum had experienced something of a steep decline from January, when the botnet distributed 33 percent of the world's known email spam. The botnet had been active for nearly four years--suggesting a high degree of professional expertise and financial support--likely illegal.

Grum had been the subject of intense interest in the internet security community, its techniques dissected by everyone from the International Journal of Information Technology to Technology Review. With Grum's demise, the Lethic and Cutwail (formerly Pushdo) botnets are left as the only two major botnets distributing spam. Lethic was taken down by security researchers in January 2010, using techniques similar to those used in the shutdown of Grum; however, Lethic reemerged in a slightly weakened form later that year.

All told, Lethic and Cutwail were responsible for infecting 1.7 to 2.2 million computers worldwide, targeting websites as diverse as the National Institutes of Health, Doctors Without Borders and Utah's Child Protection Registry.

Yet despite the plethora of blogs and websites rushing to write Grum's obituary, its death could be greatly exaggerated--when the Rustock botnet was taken down in 2011, a lot of the traffic the botnet generated shifted to another little-known botnet that would later become infamous--Grum.
