Researchers zap huge global spam 'botnet'

Jul 19, 2012
Image caption: A computer screen inbox displaying unsolicited spam emails.

A huge global 'botnet' responsible for sending out millions of spam messages each day has been shut down by a collaborative effort from security experts in the US, Britain and Russia, researchers said.

The so-called Grum botnet -- which uses a network of infected computers to automatically generate emails -- "has finally been knocked down," said Atif Mushtaq of California-based security firm FireEye.

Mushtaq said in a blog post Wednesday that the shutdown was a joint effort of his group with the British-based Spamhaus Project and the Russian-based Computer Security Incident Response Team known as CERT-GIB.

"All the known command and control servers are dead, leaving their zombies orphaned," Mushtaq said.

He noted that the researchers worked to shut down servers in the Netherlands and later in Panama, where "pressure applied by the community" caused the hosting firm to shut down the operation.

But he said the spam operation moved to new servers in Ukraine after the ones in Panama were closed.

"Ukraine has been a safe haven for bot herders in the past and shutting down any servers there has never been easy," he said.

But with the help of Spamhaus, CERT-GIB and an "anonymous researcher," Mushtaq said "all six new servers in Ukraine and the original Russian server were dead as of today, July 18."

He said the shutdown was made by the "upstream provider... at our request."

The researchers said the botnets had been using as many as 120,000 infected "zombie" computers to send out spam each day.

"After the takedown, this number has reduced to 21,505," Mushtaq said. "I hope that once the spam templates expire, the rest of the spam will fade away as well."

He said the effort to take down Grum sends a "strong message to all the spammers."

User comments : 12

teledyn
1 / 5 (5) Jul 19, 2012
Why do we not simply deploy a counter virus? It could be just like the commercial virus hunters, only, for the good of the internet, distributed freely, and via the same viral vector, it infects the machine and shuts down all suspicious port activity until the user confirms the use as valid.
ahaveland
5 / 5 (1) Jul 19, 2012
No effect here yet, still getting between 6000-7000 spam messages a day, mainly from IN,VN,PK,RU,CN,IR,BY,BR,KZ,KR,ID,PE,IQ,SA.

Some of these are repressive regimes, but can't repress spam, or won't act on complaints.
El_Nose
5 / 5 (6) Jul 19, 2012
@teledyn

Because you are still creating a virus -- which means that it has to infect computers -- someone isolates it, copies it and changes its purpose, and you have a new harmful virus.
hemitite
not rated yet Jul 19, 2012
ahaveland,

Repressive regimes 1. like money, & 2. tend not to give a s**t what others may think of the way they acquire said money. This, I think, explains the connection you mentioned.
ahaveland
1 / 5 (1) Jul 19, 2012
"This, I think, explains the connection you mentioned."

I think the vast growth of new and gullible users prone to catching malware, endemic piracy, lack of patch updating is more to blame. ISPs operating on a shoestring are simply overwhelmed with the support required to help disinfect their users. They may care, but are powerless to help *and* stay in business.
Of the 200,000 complaints I have sent to them, some ISPs try to help and some don't want to know. Success ratio is about 5%. Not good, but any success in getting a machine cleaned is better than nothing.
Skultch
not rated yet Jul 19, 2012
ahaveland,

What do ISPs have to do with infected users on their network? That's like asking the city government to fix your flat tire because you let your tires go bald and ran over a nail.
dtxx
not rated yet Jul 19, 2012
As Skultch said, fixing your computer because you got infected is not the ISP's responsibility. The only time they will get involved is if someone is using their network as a launchpad for attacks. And there are a ton of third parties trying to cash in. Companies like UCEProtect publish blackhole lists, then try to extort the people they listed into paying to get off the list. Some RBLs are legit, but there are plenty that are cons. Some of these companies also do things that are really great when you work in corporate IT, like blackholing Gmail's outbound servers. Everybody uses goddamn gmail, and one of the more common effects of these lists is that the user will not receive some of their inbound messages. It's based on which outbound gmail servers are listed and which one their message happened to originate from.
ahaveland
not rated yet Jul 19, 2012
As a user of the net for well over 20 years, I've been here many times before. WTF happened to netiquette?
ISPs have a responsibility to at least let their users know if they are abusing the net. There isn't any other way for someone to contact them officially and believably.
RBLs are still the best thing we have as a defence, but only an idiot would block gmail! Gmail manages its own security and compromised accounts fairly well.
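The collateral-damage problem dtxx and ahaveland describe above, as an added example that is not part of the article or the comments: a DNSBL lookup against a constructed offline zone (hypothetical `bl.example`, placeholder relay addresses in 203.0.113.0/24), with the naive reject-on-listing policy beside one that refuses to reject a known shared relay pool on the listing alone.

```python
"""DNSBL check with a constructed, offline resolver (added example, not the page's code).

Shows why a blocklist that lists one relay of a shared mail provider drops legitimate
mail depending on which relay a message happened to leave from, and the usual
mitigation: do not reject on the listing alone for a known shared relay pool.
"""
import ipaddress

# Constructed contents of a hypothetical "bl.example" zone, keyed by the reversed-octet
# query name. Real DNSBLs answer listed names with a 127.0.0.x A record.
FAKE_ZONE = {
    "4.3.2.1.bl.example": "127.0.0.2",        # constructed: a real spam source
    "20.113.0.203.bl.example": "127.0.0.2",   # constructed: one relay of a shared provider
}

# Constructed: the shared provider's outbound relay pool (placeholder documentation range).
SHARED_RELAYS = ipaddress.IPv4Network("203.0.113.0/24")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet name a DNSBL lookup resolves, e.g. 1.2.3.4 -> 4.3.2.1.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on junk input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed(ip: str, zone: str = "bl.example", resolve=FAKE_ZONE.get) -> bool:
    """resolve() stands in for a DNS A lookup; None plays the role of NXDOMAIN (not listed)."""
    return resolve(dnsbl_query_name(ip, zone)) is not None


def reject_on_listing(sender_ip: str, zone: str = "bl.example", resolve=FAKE_ZONE.get) -> bool:
    """Naive policy: reject any message whose sending relay is on the list."""
    return is_listed(sender_ip, zone, resolve)


def reject_with_exemption(sender_ip: str, zone: str = "bl.example", resolve=FAKE_ZONE.get) -> bool:
    """Hardened policy: a listing of a shared relay pool is a weak signal (one bad account,
    many innocent senders), so such relays are never rejected on the DNSBL alone and are
    left to content filtering. Everything else is rejected when listed."""
    if ipaddress.IPv4Address(sender_ip) in SHARED_RELAYS:
        return False
    return is_listed(sender_ip, zone, resolve)


def rejected_senders(sender_ips, policy) -> list:
    """Apply a policy to a batch of constructed sender IPs and return the ones it rejects."""
    return [ip for ip in sender_ips if policy(ip)]
```

With the naive policy, a message relayed via 203.0.113.20 is dropped while an identical one via 203.0.113.10 gets through, which is the "depends on which outbound server it came from" effect; the hardened policy rejects only the listed non-shared source.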
TheWalrus
5 / 5 (1) Jul 19, 2012
@teledyne:

"why do we not simply deploy a counter virus?"

Viruses bad. No give viruses to bad guys. Bad guys reverse-engineer viruses and use on you.
Oysteroid
2.3 / 5 (3) Jul 20, 2012
@teledyne: And to add to others' responses: I personally would strongly object to ANY attempt to introduce a virus to my home machine...no matter the reason or purpose. I'm pretty sure any corporate sysadmin or security guys will feel even more so about THEIR machines.
Skultch
not rated yet Jul 20, 2012
"ISPs have a responsibility to at least let their users know if they are abusing the net."

Says you and few else. Did you not get my analogy? ISP=road, car=user PC.

Do you have any idea how much that would cost? What is the incentive to track and store all that data? Email doesn't use much bandwidth. Yeah, it adds up, but so do the costs of doing something about it. Downloading and streaming video completely dwarfs the impact of spam email. THAT is what ISPs are concerned about.

I've worked as a senior network designer/engineer for an ISP for the last 6 years. I've literally Never had a conversation about what to do with the "spam email problem" in the way you are talking about. We've had customers get blacklisted and we've helped them get off the list after they cleaned up, but we've Never been proactive about it, nor have I ever even heard about such proactivity from my industry.

Install some AV, stay updated, and surf smartly. Duh.
SteveL
not rated yet Jul 22, 2012
Many years ago I had let my AV subscription lapse and everything was fine for a while. One night I woke up about 1 am and found my computer in a battle with my ISP. Some application was on my system and trying to mail out spam as fast as my computer could send it at 6Mb/s. Just as quickly my ISP was blocking the mail it had recognized as spam. Each time the outgoing mail was identified as spam and blocked my system beeped. It was beeping about once a second.

I shut down my system and reactivated Norton's AV in safe mode. It wasn't able to do anything as this was a root virus except to identify the file names. Fortunately I was able to remember my old DOS commands and locate and remove the 3-part NetSky virus myself.

My ISP is a small town business and the only one available in my area, but they do have anti spam protections in place for outgoing mail. So it can be done.

For my part, from then on I make sure I buy good AV and other protection software and keep it updated.