World's third largest botnet taken down
Grum, the botnet credited with sending out around 18 billion spam emails a day, has been shut down.
Security researchers have taken down a four-year-old botnet responsible for generating around 18 billion spam emails a day.
The Grum botnet was credited with creating more than 33 per cent of the world's spam email at the peak of its power in January 2012. In recent times, this figure is understood to have slumped to 18 per cent.
The botnet's demise was confirmed by security vendor FireEye in a blog post after several overseas command and control (CnC) servers, which were responsible for powering Grum, were shut down.
The post states that Grum's termination was the result of a group effort, which saw FireEye security researcher Atif Mushtaq team up with spam monitoring specialist Spamhaus, ISPs and several other research teams from across the globe.
"After they got all the evidence from my side, they moved quickly passing this intelligence back to their contacts in Ukraine and Russia," said Mushtaq in his blog post.
"As a result of this overnight operation, all six servers [currently powering Grum] in the Ukraine and the original Russian server were dead as of today.
"Grum's takedown resulted from the efforts of many individuals. This collaboration is sending a strong message to all scammers," he added.
According to Spamhaus' figures, Grum used an average of 120,000 IP addresses to distribute its emails. This figure was slashed to 21,505 as soon as the CnC servers were shut off.
"Most of the spam botnets that used to keep their CnCs in the USA and Europe have moved to countries like Panama, Russia, and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time," Mushtaq added.