Enormous spam botnet brought down by online security champions

Photo caption: A computer screen inbox displaying unsolicited emails known as 'spam' in Hong Kong on March 20, 2009. The territory is under siege from legions of zombies attacking people with spam and leaving in their wake a trail of destruction costing millions of dollars a year, analysts have warned.

Mike Clarke

One of the world’s largest spam botnets was taken down by security researchers on Wednesday, putting an end to upwards of 17 percent of worldwide email spam advertising fake prescription drugs.

The “Grum” botnet was made up of more than 120,000 hijacked computers and used by spammers to send out enormous amounts of emails to inboxes across the globe. 

“I am glad to announce that, after three days of effort, the Grum botnet has finally been knocked down. All the known command and control (CnC) servers are dead, leaving their zombies orphaned,” wrote Atif Mushtaq, an employee of FireEye Malware Intelligence Lab. The anti-malware firm teamed up with The SpamHaus project and local internet service providers to bring down Grum’s servers based in Panama, Russia and Ukraine.

The Grum botnet was responsible for up to 17 percent of worldwide spam traffic just before it was shut down on Wednesday, according to Vincent Hanna of the SpamHaus Project, a nonprofit organization working to track and shut down global spam.

"On any given day more than 100,000 IP addresses would be used to send out Grum-produced spam messages," Hanna said to NBC News. "During one week, we would see about half-a-million different IP addresses send Grum spam." 

The operation to take down what was possibly the world’s largest botnet was no simple feat. Shortly after the team successfully shut down Grum’s Panamanian server, the “bot herders” went on the move to recoup their losses. 

“After seeing the Panamanian server had been shut down, the bot herders moved quickly and started pointing the rest of the CnCs to new secondary servers in Ukraine. So at one point, I was thinking that all we needed was to take down one Russian server, but right in front of my eyes, the bot herders started pointing their botnet to new destinations. I must say, for a moment, I was stunned,” wrote Atif Mushtaq.

Mushtaq then shared the new information with other members of his team, and they refocused the bulk of their efforts on the six new servers in Ukraine.

“As a result of this overnight operation, all six new servers in Ukraine and the original Russian server were dead as of [Wednesday] July 18, at 11:00 AM PST,” added Mushtaq.

While members of the team that took down Grum admit that there are plenty of other botnets, this victory over spam is incredibly significant. 

Hanna, of The SpamHaus Project, said to NBC News that Grum "was definitely one of the bigger botnets out there ... We're very glad with this at-least-for-now victory over the cyber criminals. It shows that with cooperation, difficult things like taking down a botnet can get done."

At least for a brief and sublime moment in time, inboxes around the world will be free of fake Viagra ads and promises of increased penis size.