
Grum botnet taken down, may have been responsible for 18 percent of global spam


Security experts in the US, Russia, and the UK have taken down the Grum botnet, which was responsible for sending as many as 18 billion spam messages a day.


Security experts say they've taken down Grum, a global botnet that may have been responsible for as much as 18 percent of spam sent out across the world. According to the New York Times, Grum's command-and-control servers in Panama and the Netherlands were taken down Tuesday, but in a game of cat-and-mouse seven new servers appeared hours later, based in Ukraine and Russia. These new servers were taken down earlier this morning, with researchers tracing Grum to its source, and then working with local ISPs to shut the computers themselves down. California-based security firm FireEye partnered with UK spam-tracking service Spamhaus and computer experts in Russia to pull off the feat.

The team estimates that Grum was the third-largest botnet on the internet, responsible for 18 billion spam messages a day — roughly 18 percent of all global spam. The takedown comes after several similar operations this year, with Microsoft taking control of the servers running the Zeus botnet in March; a new variant of the Kelihos botnet was taken down just days later. While there are still machines out there infected by the malware that made Grum possible, according to FireEye's Atif Mushtaq they are no longer a threat. "It's not about creating a new server," Mushtaq told the New York Times. "Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server."