Sprawling spam botnet struck down - Action News

Sprawling spam botnet struck down

A California-based computer security company says it and several other experts have taken out Grum, a piece of malware responsible for more than 17 per cent of the world's spam.

Grum responsible for more than 17% of spam worldwide, FireEye security firm says

Symantec says the drop in the level of junk, or spam, emails suggests cybercriminals are looking to other ways to make money on the internet.

A California-based computer security company says it and several other experts have taken out a piece of malware responsible for more than 17 per cent of the world's spam.

FireEye wrote in a company blog Wednesday that all of the command and control servers deploying the Grum botnet had been disabled.

Several security experts had spent days playing a game of cat and mouse with the creators of the malware, shutting down servers in Panama and Russia only to have new ones pop up in the Netherlands and Ukraine.

In most cases, the security sleuths managed to convince the internet service providers hosting the servers to shut them down. In Russia, however, it was the upstream provider, which connects ISPs to the internet, that "null routed", i.e. rendered useless, the IP address affiliated with the primary malware server in that country, wrote FireEye security researcher Atif Mushtaq.

Mushtaq said he co-operated with experts at the Switzerland-based Spamhaus and the Russian computer security incident response team CERT-GIB, as well as with an anonymous researcher known as Nova7, to rally the online community that tracks computer threats to put pressure on the ISPs hosting Grum servers.

Dates back to 2008

Grum has been active since as far back as 2008, an unusually long life for a botnet, Mushtaq said.

As of January 2012, Grum was responsible for 33.3 per cent of worldwide spam, according to data from M86 Security compiled by Mushtaq. But recently, its share of the spam market had dropped to 17.4 per cent, "making it the world's third-most active spam botnet after Cutwail and Lethic," Mushtaq wrote.

Mushtaq said the security community's success in taking down the botnet shows that with concerted effort, even ISPs in countries considered safe havens for those looking to set up command and control servers (CnCs) for malware can be pressured to help stop those flooding computer networks with malicious spam.

"There are no longer any safe havens," Mushtaq wrote. "Most of the spam botnets that used to keep their CnCs in the U.S.A. and Europe have moved to countries like Panama, Russia and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time. Keep on dreaming of a junk-free inbox."