July 19, 2012 at 2:52 PM ET
A major spam botnet that inundated email inboxes around the world with emails promoting fake prescription drugs is gone. So says the security firm that helped kill it.
"The Grum botnet has finally been knocked down. All the known command and control (CnC) servers are dead, leaving their zombies orphaned," wrote Atif Mushtaq of FireEye Malware Intelligence Lab in California, referring to computers enslaved by hackers for malicious use. The security firm worked with The Spamhaus Project, computer experts and Internet service providers around the world in the effort.
The botnet has been around for about four years, and "has lately been responsible for about 15 to 17 percent of all spam," Vincent Hanna of The Spamhaus Project told NBC News Thursday. The group is an international nonprofit organization, with offices in Geneva and London, that tracks spam operations and works with law enforcement agencies to identify "spam gangs" around the world.
"On any given day more than 100,000 IP addresses would be used to send out Grum-produced spam messages," Hanna said. "During one week, we would see about half-a-million different IP addresses send Grum spam."
Getting rid of Grum involved an elaborate global game of hide-and-seek, from Panama to Russia and places in between, over three days this week, according to Mushtaq, who shared the tale on FireEye's blog, saying in part:
With the shutdown of the Panamanian server, a complete segment was dead forever. This good news was soon followed by some bad news. After seeing the Panamanian server had been shut down, the bot herders moved quickly and started pointing the rest of the CnCs to new secondary servers in Ukraine.
Grum's takedown, he wrote, "resulted from the efforts of many individuals. This collaboration is sending a strong message to all the spammers":
Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonald's, or sell hot dogs, but don't send us spam.
David Harley, senior research fellow at security firm ESET, told NBC News that Grum's elimination "should certainly result in a short-term reduction" of spam, but that he expects to see "other spammer networks" quickly work to fill the void.
"I can’t say how fast they can ramp up to meet demand: spam throughput depends on several factors, not least the volume of available zombies," he said. "That’s not really something I can predict. Major takedowns can have a perceptible impact for weeks, even months, but that doesn’t mean it will be the case here."
Hanna, of The Spamhaus Project, said Grum "was definitely one of the bigger botnets out there ... We're very glad with this at-least-for-now victory over the cyber criminals. It shows that with cooperation, difficult things like taking down a botnet can get done."