Massive Botnet is Brought Down, Curtailing Flow of Pharmaceutical Spam

Grum, the world's third-largest botnet, was reportedly responsible for 18 percent of all spam, or 18 billion spam messages per day.

Security researchers have brought down one of the world's largest botnets, ensuring a massive drop in pharmaceutical spam for inboxes everywhere.

Grum, the world's third-largest botnet, was responsible for 18 percent of all spam, or 18 billion spam messages per day, the New York Times reports. Last week alone, Grum accounted for 35 percent of total spam, according to Trustwave.

But it all came crashing down this week, when researchers pressured providers of Internet service and bandwidth to cut off the botnet's servers. Grum suffered a major blow early in the week, when command and control servers in the Netherlands were taken down. In a blog post Wednesday, FireEye researcher Atif Mushtaq wrote that the remaining servers in Panama, Ukraine and Russia were taken offline as well.

The news is significant because bot herders have viewed those countries as safety zones. When the appropriate channels are used, even ISPs within Russia and Ukraine can be pressured to end their cooperation with bot herders, Mushtaq wrote. There are no longer any safe havens.

Researchers have already seen a payoff: Only 21,505 Grum IP addresses are sending spam now, compared with 120,000 IP addresses before the takedown. Mushtaq believes the rest of the spam will dissipate as templates expire. (Grum's reach was likely larger than 120,000 IP addresses, but infected computers in corporate environments may be blocked from sending spam e-mails.)

Grum isn't the only source of bogus Viagra spam in your inbox. Cutwail and Lethic are often just as prolific in sending e-mail spam, or more so. But with the takedown of Grum, Mushtaq believes researchers have sent a strong message to spammers, and have proven that they'll have a harder time staying untouchable.

Keep dreaming of a junk-free inbox, he wrote. Or, use an e-mail service with a good spam filter.

Follow Jared on Twitter, Facebook or Google+ for even more tech news and commentary.
