Good news.. Grum takedown: '50% of worldwide spam is gone'

Grum takedown: '50% of worldwide spam is gone' - Jul. 19, 2012



NEW YORK (CNNMoney) -- Good news for your email inbox: You'll be seeing less spam in it now, thanks to a global takedown effort that knocked one of the world's biggest spammers offline this week.


"About 50% of the worldwide spam is gone," says FireEye senior scientist Atif Mushtaq, who participated in the demolition.


The dramatic decrease is the result of a coordinated attack by security firms and Internet service providers around the globe that took down a network of infected computers known as "the Grum botnet." Grum, one of the world's most prolific spammers, generated around 18 billion emails a day, by FireEye's estimates.


A botnet is a collective of computers infected with malware -- typically without the computer owner's knowledge -- and taken over by an outside attacker. Criminals who gain control of botnets use them for malicious activities like pumping out massive volumes of spam or launching denial-of-service attacks on targeted websites. The bigger the botnet, the more firepower the cybercriminal has at their fingertips.
Grum was an especially vast and nasty spammer. First detected in early 2008, its malware infected several hundred thousand computers around the world and churned out huge amounts of pharmaceutical spam advertising cheap drugs.


At its peak, Grum was the world's most prolific spam machine, though researchers recently dropped it to the number three spot on their ever-changing list of the world's largest botnets.


The tale of its demise reads like a high-tech thriller.


The brain of a botnet is what's known as a "command and control" server. Grum had several of those servers scattered around the globe in countries including Russia, Panama, and the Netherlands. But it also had a fatal weakness: The network had no recovery mechanism if all of its command servers were simultaneously knocked offline.


A Dutch Internet service provider yanked the plug Tuesday on two of Grum's primary command servers. A Panamanian server went down next, leaving just one main server -- in Russia -- coordinating the entire Grum swarm.


But when the botnet's operators realized their network was under attack, they launched their evasive actions, shifting their traffic to a fresh set of backup servers in Ukraine.


"Right in front of my eyes, the bot herders started pointing their botnet to new destinations," Mushtaq wrote in a blog post about the takedown. "For a moment, I was stunned."


Mushtaq alerted collaborators around the globe, including a cybersecurity team in Russia that quickly went after the new servers' Internet providers. Within a few hours, they persuaded key providers to cut the connection. By 2 p.m. ET on Wednesday, the entire system was dead.


"We are confident that it can't recover," Mushtaq told CNNMoney on Thursday morning. "I've been monitoring Grum for four years. Right from the start we knew that it doesn't have any fallback mechanism."


Grum was responsible for 35% of the Internet's spam volume last week, according to monitoring statistics from security firm Trustwave.
Its demise is having ripple effects. The spam volume from another major botnet, Lethic, plunged overnight, Mushtaq said. He thinks the operators of that botnet have "gone underground."


Cumulatively, killing Grum and wounding Lethic has instantly cut the worldwide spam volume in half, FireEye estimates.
Grum recently averaged 120,000 infected computers a day generating spam, but immediately after the takedown, that number dropped to 21,505, spam tracker Spamhaus reported.


On Thursday, Spamhaus's latest data showed zero infected machines sending messages.


Spam had already declined dramatically in recent years thanks to coordinated global efforts. Mushtaq thinks the goal of a junk-free inbox is in reach.


"One last final blow and I think we can make a rapid and permanent decline in worldwide spam," he said.
  • Profile picture of the author R Hagel
    When you read those staggering numbers -- and realize that the article just talks about a tiny portion of what spammers are really up to -- it sure makes it sound silly when people say things like, "What's the big deal? Just delete it if you don't like it..."

    Becky
  • Profile picture of the author Joseph Robinson
    Banned
    I'm amazed that they were able to knock out 50% in one attack myself. I wouldn't think they'd ever cut that much out period.
    • Profile picture of the author Jeremy Bratcher
      People do think spam isn't a big deal but if they took how much time deleting each spam message took by each user the amount would be staggering.

      I don't even want to think about how much bandwidth or CPU usage has been wasted.
      Signature
      “The question isn’t who is going to let me; it’s who is going to stop me.” – Ayn Rand
  • Profile picture of the author Mike Hill
    This is good news however there will always be someone else to take their place... Unfortunately people are not too wise when it comes to securing their computers. I was hit last week with a nasty trojan that took over 38 hours to get rid of it on my computer.
    • Profile picture of the author R Hagel
      Originally Posted by Mike Hill

      Unfortunately people are not too wise when it comes to securing their computers.

      Yep. And people also aren't wise about NOT clicking on spam and most definitely NOT buying from it.

      Many people think it's NOT spam if they're interested in it. So if a guy with erectile dysfunction gets Viagra spam, he doesn't even consider it spam - he just orders. Meanwhile the same guy hits "spam" on his confirmed opt-in newsletter because he doesn't agree with what the publisher wrote.

      :rolleyes:

      Becky
      • Profile picture of the author Mike Hill
        Originally Posted by R Hagel

        Yep. And people also aren't wise about NOT clicking on spam and most definitely NOT buying from it.

        Many people think it's NOT spam if they're interested in it. So if a guy with erectile dysfunction gets Viagra spam, he doesn't even consider it spam - he just orders. Meanwhile the same guy hits "spam" on his confirmed opt-in newsletter because he doesn't agree with what the publisher wrote.

        :rolleyes:

        Becky
        That is soooo true! People are such emotional creatures...
  • Profile picture of the author mlord10
    Almost fell out of my chair when I read this part:

    "Grum, one of the world's most prolific spammers, generated around 18 billion emails a day, by FireEye's estimates."

    18 BILLION??? That is unreal...
  • Profile picture of the author ErickColletti
    One small step forward for digital kind.
    Signature
    Colletti's Computers
    Contact: Erick Colletti, Owner, Computer Systems Engineer, and Editor
    • Profile picture of the author MissTerraK
      Originally Posted by ErickColletti

      One small step forward for digital kind.
      I think 50% equates to more than a small step.

      Terra
  • Profile picture of the author mego818
    Yeah, I don't understand how these spammers make money. None of it usually makes it to my inbox. Maybe off of people who don't use Gmail.
    Signature
    Need High Quality Content?
    BOSScontent
  • Profile picture of the author Jeffery
    Originally Posted by mego818

    Yeah, I don't understand how these spammers make money. None of it usually makes it to my inbox. Maybe off of people who don't use Gmail.
    Many of those SPAM emails make it possible to do other things, such as when clicking a link it installs additional programs on our computers, such as key loggers that send user name and password data to the control center.

    Actually it is a long list of all the different things (exploits) that can be done. Lots of people think antivirus and malware programs make a computer safe, but those links in the emails do in fact drop scripts that pass the antivirus and malware programs because the link is manually clicked by the user.

    I don't want this to turn into a thread that tells people how to SPAM, etc., so I am just happy to see..

    ..for at least a while we are all in a more SPAM Free world.

    Jeffery 100% :-)
    Signature
    In the minute it took me to write this post.. someone died of Covid 19. RIP.
  • Profile picture of the author domz
    Wow, but at 50% of the world's spam, it's a little hard to believe.