Saturday, July 21, 2012

Massive spam botnet shut down, say experts

A major spam botnet that inundated email inboxes around the world with emails promoting fake prescription drugs is gone. So says the security firm that helped kill it.

"The Grum botnet has finally been knocked down. All the known command and control (CnC) servers are dead, leaving their zombies orphaned," wrote Atif Mushtaq of FireEye Malware Intelligence Lab in California, referring to computers enslaved by hackers for malicious use. The security firm worked with The Spamhaus Project, computer experts and Internet service providers around the world in the effort.

The botnet has been around for about four years, and "has lately been responsible for about 15 to 17 percent of all spam," Vincent Hanna of The Spamhaus Project told NBC News Thursday. The group is an international nonprofit organization, with offices in Geneva and London, that tracks spam operations and works with law enforcement agencies to identify "spam gangs" around the world.

"On any given day more than 100,000 IP addresses would be used to send out Grum-produced spam messages," Hanna said. "During one week, we would see about half-a-million different IP addresses send Grum spam."

Getting rid of Grum involved an elaborate global game of hide-and-seek, from Panama to Russia and places in between, over three days this week, according to Mushtaq, who shared the tale on FireEye's blog, saying in part:

With the shutdown of the Panamanian server, a complete segment was dead forever. This good news was soon followed by some bad news. After seeing the Panamanian server had been shut down, the bot herders moved quickly and started pointing the rest of the CnCs to new secondary servers in Ukraine.

Grum's takedown, he wrote, "resulted from the efforts of many individuals. This collaboration is sending a strong message to all the spammers":

Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonald's, or sell hot dogs, but don't send us spam.

David Harley, ESET security firm senior research fellow, told NBC News that Grum's elimination "should certainly result in a short-term reduction" of spam, but that he expects to see "other spammer networks" quickly work to fill the void.

"I can't say how fast they can ramp up to meet demand: spam throughput depends on several factors, not least the volume of available zombies," he said. "That's not really something I can predict. Major takedowns can have a perceptible impact for weeks, even months, but that doesn't mean it will be the case here."

Hanna, of The Spamhaus Project, said Grum "was definitely one of the bigger botnets out there ... We're very glad with this at-least-for-now victory over the cyber criminals. It shows that with cooperation, difficult things like taking down a botnet can get done."

Source: http://www.technolog.msnbc.msn.com/technology/technolog/massive-spam-botnet-grum-shut-down-says-anti-malware-team-896313
