Botnet Security

Inside the Grum Botnet

tsu doh nimh writes "An examination of a control server seized in the recent takedown of the Grum spam botnet shows the crime machine was far bigger than most experts had assumed. A PHP panel used to control the botnet shows it had just shy of 200,000 systems sending spam when it was dismantled in mid-July. Researchers also found dozens of huge email lists, totaling more than 2.3 billion addresses, as well as evidence it was used for phishing and malware attacks in addition to mailing pharmacy spam. Just prior to its takedown, Grum was responsible for sending about one in six spams worldwide."

  • by ackthpt ( 218170 ) on Tuesday August 21, 2012 @04:56PM (#41074423) Homepage Journal

    200,000 voices were silenced.

    Not particularly good voices, with anything worthwhile to say.

  • by Anonymous Coward on Tuesday August 21, 2012 @05:01PM (#41074489)

    One man's botnet is another man's beowulf cluster

    Many people looked forward to these daily emails offering vital medications, herbal alternatives for male enhancement, and mortgage refinancing opportunities

    Grum, you will be missed!

  • by Anonymous Coward

    Yet it seems like I am getting more and more spam every day. You would think shutting down a server responsible for about 16% of spam, I would see some drop.

  • Why can't they get the IPs of most of the infected computers, send those IPs with timestamps to ISPs and require those ISPs to send letters to the infected customers letting them know that they helped send billions of spam emails and to get their computer cleaned? Maybe it will scare some people that feel they aren't vulnerable into realizing they are.

    I dunno, it's a thought. I'm sure something could be improved upon that.

    • by Zocalo ( 252965 ) on Tuesday August 21, 2012 @05:45PM (#41074981) Homepage
      Based on the experiences of the DNS Changer Working Group trying to get ISPs to notify their infected users of the imminent demise of the substitute DNS Changer DNS servers, I'd say it is unlikely to work. The sad fact is that many ISPs (and there would be a *lot* of ISPs with hosts on a typical botnet) simply don't give a crap at the best of times, let alone when suggesting they take a course of action that would entail costs - postage of letters, support calls, setting up a sandbox for infected users, etc.
    • For the same reason a lot of ISPs do nothing about spam. It's paying customers versus angry nerds...
    • It's a nice idea and a nice fantasy, but the sad fact is even if the ISPs sent someone out to clean off those zombie boxen free of charge they'd be infected worse than a transvestite hooker on Bourbon St again in no time flat. PEBKAC.
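The notification idea in the comment above, as an added example that is not part of this thread or of any Grum analysis: take a seized panel's check-in log, attribute each bot IP to an ISP by longest-prefix match, and produce one notice per ISP that carries the first-seen and last-seen times for every (address, bot) pair. The timestamps are the part that matters: on dynamic or NAT'd address space an ISP can only map an IP to a subscriber for a given time window. The prefix table (RFC 5737 documentation ranges, hypothetical ASNs, ISP names and abuse mailboxes), the log format and the log lines are all constructed for the example.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed prefix-to-ISP table. The ASNs, ISP names and abuse mailboxes are
# hypothetical and the prefixes are RFC 5737 documentation ranges; a real run
# would load this from a BGP table or a whois/RDAP dump instead.
PREFIX_TABLE = {
    "192.0.2.0/24":      ("AS64496", "Example-ISP-A", "abuse@isp-a.example"),
    "198.51.100.0/25":   ("AS64497", "Example-ISP-B", "abuse@isp-b.example"),
    "198.51.100.128/25": ("AS64498", "Example-ISP-C", "abuse@isp-c.example"),
    "203.0.113.0/24":    ("AS64499", "Example-ISP-D", "abuse@isp-d.example"),
}

# Constructed sample of a seized panel's bot check-in log, one check-in per
# line: "<unix time> <source ip> <bot id>". Note 192.0.2.10 checks in under two
# bot ids: a dynamic address reassigned to a second subscriber, or two infected
# hosts behind one NAT. Only the time window lets the ISP tell which.
SAMPLE_LOG = """\
1342396800 192.0.2.10 b001
1342400400 192.0.2.10 b001
1342404000 192.0.2.10 b002
1342396800 198.51.100.7 b003
1342396860 198.51.100.200 b004
1342396900 203.0.113.55 b005
1342397000 10.1.2.3 b006
1342397100 not-an-ip b007
"""

# Longest prefix first, so the most specific allocation wins on lookup.
NETWORKS = sorted(
    ((ipaddress.ip_network(cidr), owner) for cidr, owner in PREFIX_TABLE.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)


def lookup_isp(ip):
    """Return (asn, isp_name, abuse_contact) for an IP string, or None when no
    prefix in the table covers it (RFC 1918 space, unrouted, not in table)."""
    addr = ipaddress.ip_address(ip)
    for net, owner in NETWORKS:
        if addr in net:
            return owner
    return None


def parse_log(text):
    """Parse check-in lines into (utc datetime, ip string, bot id) tuples.
    Malformed lines are skipped rather than crashing on garbage from the panel."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, bot_id = parts
        try:
            when = datetime.fromtimestamp(int(ts), tz=timezone.utc)
            ip = str(ipaddress.ip_address(ip))  # validates and normalises
        except ValueError:
            continue
        records.append((when, ip, bot_id))
    return records


def build_notifications(records):
    """Group sightings per ISP; per (ip, bot id) keep first/last seen and the
    check-in count, which is what an abuse desk needs to match a dynamic
    address against its lease records."""
    per_isp = {}
    for when, ip, bot_id in records:
        asn, name, contact = lookup_isp(ip) or ("", "UNATTRIBUTED", "")
        bucket = per_isp.setdefault(name, {"asn": asn, "contact": contact, "hosts": {}})
        host = bucket["hosts"].setdefault(
            (ip, bot_id), {"first_seen": when, "last_seen": when, "checkins": 0}
        )
        host["first_seen"] = min(host["first_seen"], when)
        host["last_seen"] = max(host["last_seen"], when)
        host["checkins"] += 1
    return per_isp


def format_notices(per_isp):
    """Render one plain-text notice per ISP, addressed to its abuse contact."""
    notices = []
    for name, bucket in sorted(per_isp.items()):
        contact = bucket["contact"] or "(no contact on file)"
        lines = [f"To: {contact}  ISP: {name} {bucket['asn']}".rstrip()]
        for (ip, bot_id), h in sorted(bucket["hosts"].items()):
            lines.append(
                f"  {ip}  bot={bot_id}  first={h['first_seen']:%Y-%m-%dT%H:%M:%SZ}"
                f"  last={h['last_seen']:%Y-%m-%dT%H:%M:%SZ}  checkins={h['checkins']}"
            )
        notices.append("\n".join(lines))
    return notices


if __name__ == "__main__":
    for notice in format_notices(build_notifications(parse_log(SAMPLE_LOG))):
        print(notice, end="\n\n")
```

The unattributed bucket is kept on purpose: addresses that hit no prefix (here the RFC 1918 one) are usually a panel logging a NAT-internal address or a proxy, and dropping them silently would hide how much of the bot list cannot be notified at all.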
  • This implies that there are about 1.2 million bots worldwide. Seems low.

    • by ackthpt ( 218170 )

      This implies that there are about 1.2 million bots worldwide. Seems low.

      True.

      Perhaps the others are all at work managing sock-puppets on facebook.

      • by Anonymous Coward

        This implies that there are about 1.2 million bots worldwide. Seems low.

        True.

        Perhaps the others are all at work managing sock-puppets on Slashdot.

        There. FTFY. Courtesy of your friendly neighborhood sock puppet. :)

    • That assumes other botnets send the same number of spam emails per bot as Grum. Given it is the largest, and probably has the largest address list, it probably sends more spam per bot than other botnets. TFA says it had the capability of sending 18 billion spam messages per day, which is about 90k messages per bot. Other botnets might be only sending 50k or 10k per bot per day.

    • This implies that there are about 1.2 million bots worldwide. Seems low.

      Not if all of the spam is coming from the same house [dilbert.com].

    • Sounds about right. I imagine many many times that number get infected every year though. To remain infected and a functioning part of the botnet you need it to stay on the internet, not have its antivirus updated, not have security updates for the OS, not fall into disuse, not be taken in for service and still work without the owner's knowledge that it is infected.

      What kind of person would allow those conditions to occur? Grandma probably does, somebody probably set up the computer for her, she doesn't kn

      • You have a remarkably high opinion of the average computer user.

      • by tqk ( 413719 )

        What kind of person would allow those conditions to occur?

        You're ignoring all the Chinese, Indians, Pakistanis, Indonesians, ... all running pirated versions of Windows, possibly with the malware pre-installed with the pirated OS. Add poorly secured, or ancient and not updated, Linux and *BSD installs. These needn't even be home users. Whole companies in these countries have been known to rely on pirated OSs.

    • This implies that there are about 1.2 million bots worldwide. Seems low.

      Grum was responsible for 1/6 of spam volume, not 1/6 of world botnet size.

  • Drawings of Natalie Portman, naked and petrified? Sign me up, as it is now I have to browse Deviantart profiles and it takes forever.
