Grum sounds, perhaps, like some bizarre disease, and in a sense it is, albeit a blight of the virtual variety.
Grum is, or was, one of the largest spamming botnets in the world, and has quite probably cluttered your spam folder with some emails offering hokey pills and potions at some point (or worse still, your inbox).
Grum command and control servers have been knocked out all over the globe this week, with the Dutch server being taken out at the start of the week, on Monday, then the server in Panama the following day.
According to FireEye Malware Intelligence Lab, Grum consisted of two major segments: the Panamanian operation, and a Russian one, and it’s the latter which was tackled next – along with secondary servers in the Ukraine (which were fired up after Panama had been shut down).
FireEye’s Atif Mushtaq notes: “The bot herders replaced the two Dutch servers with six new servers located in Ukraine. Ukraine has been a safe haven for bot herders in the past and shutting down any servers there has never been easy.”
“I immediately shared this new information with three different parties—Carel Van Straten and Thomas Morrison from Spamhaus, Alex Kuzmin from CERT-GIB, and an anonymous researcher who goes by the pseudonym Nova7. After they got all the evidence from my side, they moved quickly passing this intelligence back to their contacts in Ukraine and Russia.”
And things happened very swiftly from there, with the multiple Ukrainian servers, and the original Russian server, being taken out on Wednesday.
So, in three short days, Grum had been killed off.
That means there’s a bit less spam sloshing around across the globe now, and it’s also encouraging from a policing point of view, with even ISPs within Russia and Ukraine forced to bow to pressure to stifle botnets.
“There are no longer any safe havens [for spammers],” Mushtaq asserts, and let’s hope he’s right.