
A Month After Grum Botnet Takedown, Spam Back To Previous Levels

Posted by timothy
from the it's-like-the-pollen-count dept.
wiredmikey writes "It's been over a month since the spam-spewing Grum botnet was shut down, but spam experts say there hasn't been a noticeable impact on global spam volume. Symantec researchers at the time estimated that Grum was responsible for one-third of all spam being sent worldwide, and its takedown led to an immediate drop in global spam email volumes by as much as 15 to 20 percent. However, the drop was only temporary. While Grum had an estimated hundred thousand zombies sending spam, the machines were likely blocked for sending emails too frequently, or wound up on IP blacklists, said Andrew Conway, Cloudmark researcher. IP filtering is fast and cheap, and is a good first line of defense against spam, Conway said. Grum spam was easy to blacklist, and despite its size, most spam messages from the botnet probably never reached user inboxes."

  • Spam continues to be an annoyance to anyone without an active probabilistic filter.
    • People who have bad security practices on their computers, still have bad security practices on their computers.

      or

      People with one infection on their computers, are more likely to have another.

      • by ackthpt (218170)

        People who have bad security practices on their computers, still have bad security practices on their computers.

        or

        People with one infection on their computers, are more likely to have another.

        Operating systems with sufficient security gaps, due to interdepartmental squabbles, deviation from established use of APIs and failure to adhere to sound programming practices will create fertile ground for more bots and botnets.

        Attitude of the bot architects: go ahead, take down grum, we'll make moar

  • by Nidi62 (1525137) on Tuesday August 28, 2012 @12:18PM (#41150455)
    Is it not possible they simply have a few botnets sitting around unused ready to be activated should an active botnet go down? While the revenue of having one botnet operating with one in reserve probably wouldn't be as high as having both operating, it would give a greater guarantee of continued revenue.
    • by Chaonici (1913646)

      Amusingly, criminals grasp what large corporations can't: Long-term profits > short-term profits.

  • A company gets shut down, but the demand for email advertising is still there, so other companies move in to fill the need of customers. (Same thing happened with megaupload..... shutting it down didn't stop file sharing. It just showed the U.S. government is a lackey/hitman for the Hollywood megacorps. AKA fascist.)

    • by ackthpt (218170)

      A company gets shut down, but the demand for email advertising is still there, so other companies move in to fill the need of customers. (Same thing happened with megaupload..... shutting it down didn't stop file sharing. It just showed the U.S. government is a lackey/hitman for the Hollywood megacorps. AKA fascist.)

      Companies?!?

      These aren't companies, these are criminal going concerns, some well organized, but I don't expect you'll see them listed on NASDAQ any time soon.

      although facebook did get listed, so who really knows

      • Re: (Score:3, Funny)

        by idontgno (624372)

        These aren't companies, these are criminal going concerns, some well organized,

        Wait, what? I thought you said they weren't companies. I'm confused.

        but I don't expect you'll see them listed on NASDAQ any time soon.

        Oh, they're privately-held companies. No biggie. Those are the real engines of industry and the heart of the entrepreneur class.

        Ah I see. "Criminal". The only real difference between "criminal concern" and "legitimate entrepreneur" is the size of their lobbying budget and legal departments.

      • by fifedrum (611338)

        facebook only got listed on an exchange because it was time for the dump in the pump-and-dump. The concerns behind it simply turned the key on the next phase, dumped their stock on useful idiots and corrupt investment banks, and walked away with their billions. They don't care about the value of the company, the fact that it's listed on an exchange, or the future of the company. They got theirs. You won't get yours.

    • by dkleinsc (563838)

      It's just like busting a major-league drug dealer: You take away the crack connection in an area, and all that happens is that his competitors move in to take over what was his territory (possibly with some people killed while they figure out who controls what).

  • by damn_registrars (1103043) <damn.registrars@gmail.com> on Tuesday August 28, 2012 @12:28PM (#41150615) Homepage Journal
    Filtering can be a good first line defense, yes. However it will never, ever solve the spam epidemic on its own. No amount of filtering ever will.

    This is about a group that took a better step, in going after a botnet. That is more effective than filtering in the long term, but still won't do the trick.

    The long term solution comes from acknowledging that spam is an economic problem. A lot of reactionary measures (such as filtering) treat spam almost as if it is a game or a personal attack on themselves. Spammers don't give a shit who you are or what your reaction is to spam. Spammers just want to make money. Someone is paying them to send out spam. If you want to stop spam for real, you need to stop the money. If the spammers don't get paid, they don't send out spam.

    It's that simple. Everything else just kicks the can down the road.
    • by cpu6502 (1960974)

      (1) How do we stop the money? (2) And why should we bother? Spam is no more offensive than the spam I hear on the radio or TV.

      I'm more worried about the war on nude photos. Did you hear about the gay UK politician whose career was destroyed? They accused him of having nude children on his computer. They couldn't find anything but one image that "looked like" a teen but was later proved to be a 22 year old. (Guilty until proved innocent.) Then they tried to go after him for having gay images on his co

      • by damn_registrars (1103043) <damn.registrars@gmail.com> on Tuesday August 28, 2012 @12:57PM (#41151061) Homepage Journal

        (1) How do we stop the money?

        You might be the first person who has ever asked this question when I have pointed out this dilemma here on slashdot. Most other people respond by advocating murdering the spammers in some way, shape, or form instead.

        The money can be stopped a few different ways. A few years ago a group at Georgia Tech (IIRC) found that the majority of all financial transactions executed on spamvertised sites were processed through a very short list of processing centers. Getting those guys to clean up their act would be a big step in the right direction.

        Another is to find where the spammers themselves are receiving payment (as the above method goes after the people paying the spammer instead). Following the money isn't that hard if you initiate a transaction (to track it from one end) and get useful records of who really owns the domain for the spamvertised site (which is often registered in some way to the spammer).

        I thank you for asking the question.

        (2) And why should we bother?

        The biggest argument for doing something about spam lies in the fact that spam makes the internet more expensive for everyone. Being as a large portion of all traffic is spam, it means that legitimate traffic is delayed as a result. And of course the spam also takes up space on hard drives (sometimes in replicate as it traverses from a server to a user's computer) and CPU time. Any company that is running a spam filter - be it software, hardware, or some of each - is also devoting resources to the problem that someone has to pay for.

        Spam is no more offensive than the spam I hear on the radio or TV.

        I would argue that to be an incorrect analogy for the reasons I stated above. You can turn off your radio or TV and you won't hear your local car dealer screaming at you to come buy a new car. However if you turn off your computer you are still paying your ISP to move spam around. Even worse you are paying for your ISP to build up its network infrastructure so they can deliver the bandwidth they promised you while also dealing with the avalanche of spam coming to their network every moment.

      • by Nyder (754090)

        (1) How do we stop the money? (2) And why should we bother? Spam is no more offensive than the spam I hear on the radio or TV.

        I'm more worried about the war on nude photos. Did you hear about the gay UK politician whose career was destroyed? They accused him of having nude children on his computer. They couldn't find anything but one image that "looked like" a teen but was later proved to be a 22 year old. (Guilty until proved innocent.) Then they tried to go after him for having gay images on his computer but of course that's not a crime.

        The end result was the guy was fired from his job, received hate speech scrawled on his house, and now he's hiding. All because of the UK war on nude photos. (A war that also exists in Australia unfortunately.) Possession of an image, even if it's an actual murder scene, should not be a crime.

        Well, to be fair, brits are pretty ugly and probably worse nude.

    • by heypete (60671)

      Yes, but with excellent filtering and easy filter-training spam becomes less economical.

      Take, for example, Gmail's spam filters: I receive thousands of spams per month (down from tens of thousands a month from a year or two ago) at my personal address hosted on Google Apps. Out of all those messages, maybe one or two a month slip by the filters. I select the messages and click "mark as spam" and they're gone from my mailbox and help train the filter. This is trivial work for the user and benefits the entire c

      • Shut down the spammers at the source go after the money. The companies that are advertised in the spam have real contact information in order for them to fleece customers. This contact information can be used to trace the spammers' clients. Cut out the clients and the spammers have to go into another business.

        No one thing is going to take down the spam problem all by itself. But you can't continue to ignore the origin of the flow of money. Cut the money off at the source: the spammers' clients.

        Next ste

        • Shut down the spammers at the source go after the money.

          Yup, the source are the countless ISPs who prefer money over whining "net cops". Quite some spam I get nowadays originates at ISPs like Dimenoc, iWeb, MediaTemple... As long as their customers pay they are happy to provide their services.

          • The ISPs might also be part of the problem but I am thinking specifically those whose products are advertised via spam. Come down on them and the market for spam goes away. They are the ones that are financing the whole fiasco.

            • Personally I think it's way easier to go after the ISPs. Currently they can provide the infrastructure without much penalty. If ISPs can be forced to take down sites of people who advertise via spam, it will hurt those people as well (they have to move, which costs money).
        • I agree with you, for the most part.

          Cut the money off at the source: the spammers' clients.

          That's one place. Don't forget the spammers pay bills, too. I've seen times when the spammers (usually under pseudonyms) will register the spamvertised domain name, too. There is almost always a morally-impaired registrar (and ISP) on the take in the process.

          Get rid of those, get everyone on Linux, BSD or OS X and the bot nets go away.

          As much as I would love to bear witness to the end of MS Windows, I don't think that will happen. And even if this afternoon was the end of Windows, it wouldn't be the end of botnets. You would still have lazy

    • I wonder if Romney would be against the idea of microtaxes on bulk emails. Probably. I can see the TV ad now : Romney is Pro-Spam!
  • They just tipped off the crooks. Simply taking them down leaves the criminals at large, and they just learn to spam better.

    Microsoft's silly and pointless lawsuits won't work either. How do you sue somebody in a different jurisdiction, with different laws, no buy-in by host government, where you don't know their names? These people are CRIMINALS, and don't give a rat's ass.

    The only way to stop this kind of criminality is hard jail time. Getting buggered rotten in the Gulag should help concentrate some minds

  • Literally.. The internet is a living blob of goo... with all its viral infections and everything. It's time to dissect it in the biology lab, with all the other frogs.

  • I only see one publicly visible spam volume graph supporting this claim: SpamHaus CBL [abuseat.org] (look at the "Last quarter" graph).

    SpamCop [spamcop.net] and SenderBase [senderbase.org] suggest the overall trend is still down, though I'm not convinced this is related to Grum -- it appears Grum just wasn't as major a player as people thought.

    The other graphs I have bookmarked, from McAfee [mcafee.com] (click the "Historic Data" tab) and Symantec [symanteccloud.com], are inconclusive.
