Tech. Science. Culture.
We may earn a commission from links on this page

World's Third-Largest Spam Botnet Is Knocked Offline for Good

We may earn a commission from links on this page.

Salutations, My Dearest One: I am writing to you this blog post with joy and happy feelings in my heart, bringing news that will be of great interest and benefit to you. Oh, beloved, there is indeed a special reason for why I have chosen to contact you in this moment of your day, I write to you now because of the urgency of our situation: the world's third-largest spam botnet was knocked offline, today—for good.

Yup. After a three-day effort, FireEye Malware Intelligence Lab succeeded in bringing down Grum, the malicious, spam botnet that immediately before its demise was ranked behind just Cutwail and Lethic botnets in size—and as recently as January was thought to be themost active spam generator in the world.

Until just days ago, Grum's servers in Russia, Panama, and the Netherlands were thought to be in control of as many as 100,000 infected "zombie" PCs, bots from which Grum was spewing out a whopping 18 percent of the world's internet spam. Between Monday and Tuesday, Grums servers in the Netherlands and Panama were brought down, buckling under pressure from the local community and authorities alike, the remain's of the botnet's now-crippled infrastructure isolate in Russia.


...Or so the FireEye team thought. After the takedown of the two Dutch servers, six new Grums servers cropped up in Ukraine, a erstwhile safehaven for botnet servers, where the takedown is known to be difficult.

But as of 11:00 PST, Grum was dealt its final blow, a spokesperson told PC Mag.

"FireEye, working with Russian CERT-GIB and Spamhaus, found each of these new CnC servers, took a heavy-handed approach in working with Russian ISPs and domain registrars, and took them down ... signaling the full shut down of the botnet."


Coming as an added bonus is news that spam activity from the world's largest botnet, Lethic, has declined noticeably since Grum went dark.

The FireEye team has the whole operation documented on their blog. Well worth a read, if you're in to spam and suspense. [FireEye via PCMag]