There’s one thing everybody hates more than dubious online privacy policies, and that’s spam. Fortunately for every user’s peace of mind, security experts have shut down the Grum spam botnet, the third largest in the world.
For many of today’s users, it’s a complete mystery how they keep getting spam from senders whose newsletters they don’t remember signing up for. For a person with an active mail account and internet activity, each day means deleting at least 10 spam emails that somehow crept into the inbox.
The Grum spam botnet is the third largest in the world. This botnet alone was responsible for 18 billion spam messages a day, writes CNN. FireEye’s Atif Mushtaq, one of the security experts who worked on taking down the Grum spam botnet, estimated that now “about 50% of the worldwide spam is gone”.
Taking down Grum was an international effort by a team combating digital crime. Security experts blocked the botnet’s servers based in the Netherlands and Panama earlier this week. But it didn’t take Grum’s developers long to get seven brand new command and control servers running across Ukraine and Russia.
Mushtaq explains that spammers moved most of their command and control centers away from the USA and Europe. Bot developers chose to move “to countries like Panama, Russia and Ukraine thinking that no one can touch them in these comfort zones”.
“Ukraine has been a safe haven for bot herders in the past and shutting down any servers there has never been easy,” said Mushtaq of their operation. But experts from U.S.-based FireEye, Russia’s Group-IB and the UK’s Spamhaus managed to shut down Grum early Wednesday morning. “We have proven them wrong this time,” said Mushtaq of the shutdown of Grum’s network.
Security experts know it’s only a matter of time before a botnet like Grum hits your mail with useless ads for cheap drugs once again. But at least for now, the world is just a little bit more spam-free.
As for Grum itself, experts say it’s going to take a while before its developers rebuild from scratch. “Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server,” said Mushtaq.