View Full Version : World's No. 3 spam botnet gasps dying breath after tense takedown

07-18-12, 09:40 PM
Security researchers said they dismantled the world's No. 3 spam botnet after convincing the companies that hosted its command and control servers to pull the plug on the operation.

Atif Mushtaq, senior staff scientist at security firm FireEye, said in a blog post (http://blog.fireeye.com/research/2012/07/grum-botnet-no-longer-safe-havens.html) that the botnet known as Grum drew its last dying breath on Wednesday, after six servers in Ukraine and one in Russia were shut down. In a tense faceoff with whitehats, the botnet operators had deployed those servers following the disconnection earlier this week of separate servers in the Netherlands and Panama. Faced with the threat of losing a 100,000-computer network that generated an estimated 18 billion spam messages a day, the Grum operators were desperately trying to transition to those machines when they stopped working.

"Grum's takedown resulted from the efforts of many individuals," Mushtaq wrote. "This collaboration is sending a strong message to all the spammers: 'Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don't send us spam.'"

Read 3 remaining paragraphs (http://arstechnica.com/security/2012/07/grum-botnet-gasps-dying-breath/) | Comments (http://arstechnica.com/security/2012/07/grum-botnet-gasps-dying-breath/?comments=1#comments-bar)

http://feeds.feedburner.com/~ff/arstechnica/index?i=pqInylC9-gg:7f99wWoiaVs:V_sGLiPBpWU (http://feeds.arstechnica.com/~ff/arstechnica/index?a=pqInylC9-gg:7f99wWoiaVs:V_sGLiPBpWU) http://feeds.feedburner.com/~ff/arstechnica/index?i=pqInylC9-gg:7f99wWoiaVs:F7zBnMyn0Lo (http://feeds.arstechnica.com/~ff/arstechnica/index?a=pqInylC9-gg:7f99wWoiaVs:F7zBnMyn0Lo) http://feeds.feedburner.com/~ff/arstechnica/index?d=qj6IDK7rITs (http://feeds.arstechnica.com/~ff/arstechnica/index?a=pqInylC9-gg:7f99wWoiaVs:qj6IDK7rITs) http://feeds.feedburner.com/~ff/arstechnica/index?d=yIl2AUoC8zA (http://feeds.arstechnica.com/~ff/arstechnica/index?a=pqInylC9-gg:7f99wWoiaVs:yIl2AUoC8zA)

More... (http://feeds.arstechnica.com/~r/arstechnica/index/~3/pqInylC9-gg/)