There are dedicated botnets out there in the wide world that exist solely for the purpose of distributing spam. Grum, the third largest botnet in the world, was finally taken offline by security experts yesterday, resulting in a dramatic 18% reduction of global spam. Grum’s servers, which were based in Russia, Panama, and the Netherlands, controlled around 100,000 PCs. The two botnets that take first and second place, Cutwail and Lethic, are still active.
It took three days for security teams to knock the Grum servers offline, and the team is confident that it won’t be able to start back up again anytime soon: “The botnet does not have any apparent fall back mechanisms that would allow it to spin back up easily in the days to come.” Two command and control servers in the Netherlands were targeted first, then a Panamanian ISP eventually shut down another after feedback from the community.
It wasn’t all that easy, however, as six new command and control servers were brought online in Ukraine after the Panama server was shut down. Eventually the FireEye Malware Intelligence Lab enlisted extensive cooperation from Russian ISPs and domain registrars, bringing all the servers down once and for all on Wednesday. Some of the bots are still sending out spam, but researchers believe the activity will eventually wither and die as the bots’ stored spam templates run dry.