Dutch Police Takedown C&Cs Used By Grum Botnet

wiredmikey writes "Dutch authorities have pulled the plug on two secondary servers used by the Grum botnet, a large botnet said to produce about 17% of the world's spam. According to researchers from FireEye, the backup C&C servers were located in the Netherlands, and once word of their existence was released, Dutch authorities quickly seized them. While any C&C server takedown is a win, the impact may be minimal, as the two primary servers are fully active, and the datacenters hosting them are unresponsive to fully documented abuse reports. That being said, FireEye's Atif Mushtaq noted that the botnet does have some weak spots, including the fact that Grum has no failback mechanism, has just a few IPs hardcoded into the binaries, and the botnet is divided into small segments, so even if some C&Cs are not taken down, part of the botnet can still remain offline. The removal of the C&C servers shines light on how quickly some law enforcement agencies work, given that proof of their existence is just over a week old."
  • by Anonymous Coward on Tuesday July 17, 2012 @11:49AM (#40674489)

    I'm increasingly in favour of ISPs not routing packets from any infected machine, no matter what it's infected with.

    That will remove 75% of the public from the internet, you say? Fine, I say. Until the time they learn to operate a computer in the most basic of ways, the internet will be better off without their zombied boxes spewing spam and being used for DDoSing.

    I don't even care what OS they use. If you can't secure whatever one you pick and operate it in a safe manner, then sorry, no internet for you. We don't tolerate putting up some factory with no pollution controls and causing air quality problems for whole cities. We don't let people fly aircraft who are unqualified to do so. The internet is a public commons, and we need to stop tolerating the incompetent ruining that commons for everyone else.

  • by swb ( 14022 ) on Tuesday July 17, 2012 @12:00PM (#40674643)

    I'm surprised there's not more voluntary cooperation among ISPs to blackhole unresponsive datacenters hosting botnet command infrastructure.

    Is the money for hosting that kind of stuff that good, or is it one of those semi-political things where those data centers are in a country like Russia where the difference between organized crime and the government depends on what time of day it is?

  • I see a plan: (Score:4, Interesting)

    by SuricouRaven ( 1897204 ) on Tuesday July 17, 2012 @12:23PM (#40674887)
    1. Announce the C&C server IPs to the world.
    2. Watch Anonymous DDoS them so hard the host will have no choice but to kick them to protect the rest of their datacenter.

    And the best part is that the operators of the servers have no legal recourse at all, because that would mean revealing their identities.
