
Authorities down servers of third-largest spam botnet

Authorities in three countries have taken down a half-dozen command-and-control servers for the Grum botnet, crippling the world's third-largest spam-spewing network.

A total of five servers in Panama and the Ukraine were taken down Tuesday, while the plug was pulled on two servers in the Netherlands over the last few days, Atif Mushtaq, a researcher at FireEye's security lab, said.

FireEye, the Russian Computer Security Incident Response Team and the Spamhaus Project have been playing a cat-and-mouse game with the spammers, who have launched new servers when others are taken down.

"It's a dogfight between the research community and the bot herders," Mushtaq said. Bot herders are the operators of the botnet, the network of malware-infected, commandeered computers.

Grum is responsible for more than 17 percent of the world's spam, according to Mushtaq. Most of the spam sells fake Rolex watches and Viagra.

As of late Tuesday, the master server and one command-and-control server were operating in Russia, where Mushtaq believes the spammers are headquartered.

FireEye has watched Grum since 2008, when it was only the seventh or eighth largest spam botnet. Since then, larger botnets, such as Kelihos, Rustock and Zeus, have been taken down, so Grum has climbed up the charts.

Over the last few years, the tech industry has become more aggressive in battling botnets. In March, Microsoft won court permission to seize the servers of the Zeus botnet, which cybercriminals used to steal $100 million over five years.

Most of the money came through stealing online banking and e-commerce credentials. Microsoft also was involved in the takedown of servers in the Kelihos, Rustock and Waledac botnets.

The amount of spam flowing into people's inboxes has fallen at least 60 percent since the peak in 2008, Mushtaq said. Many ex-spammers have switched from running huge botnets that attract the attention of authorities to operating small networks aimed more at infecting computers with information-stealing malware.

"These guys have learned they need to fly under the radar," Mushtaq said. "Making one huge botnet will make them very visible."

Spammers also are turning from PCs to Android devices in building botnets for sending pharmacy, penny stock and e-card spam emails. Microsoft reported this month seeing spam sent from Android devices spewing from Yahoo email servers. The infected devices were located in Ukraine, Russia, Chile, Argentina, Venezuela, Indonesia, Thailand, Philippines, Lebanon, Oman and Saudi Arabia.

The consequence of sending spam from a mobile device is a higher wireless bill for the owner. Thousands of spam messages flowing from a device means a big jump in data traffic, which can lead to additional charges when volume surpasses a person's data plan.
