Please create an account to participate in the Slashdot moderation system


Forgot your password?
Botnet Security

Inside the Grum Botnet 34

tsu doh nimh writes "An examination of a control server seized in the recent takedown of the Grum spam botnet shows the crime machine was far bigger than most experts had assumed. A PHP panel used to control the botnet shows it had just shy of 200,000 systems sending spam when it was dismantled in mid-July. Researchers also found dozens of huge email lists, totaling more than 2.3 billion addresses, as well evidence it was used for phishing and malware attacks in addition to mailing pharmacy spam. Just prior to its takedown, Grum was responsible for sending about one in six spams worldwide."
This discussion has been archived. No new comments can be posted.

Inside the Grum Botnet

Comments Filter:
  • by ackthpt ( 218170 ) on Tuesday August 21, 2012 @05:56PM (#41074423) Homepage Journal

    200,000 voices were silenced.

    Not particularly good voices, with anything worthwhile to say.

    • Re:And suddenly (Score:4, Insightful)

      by PPH ( 736903 ) on Tuesday August 21, 2012 @06:04PM (#41074523)

      Actually, 200,000 voices with only one mind.

      Sort of like a political action committee

      • by Krojack ( 575051 )

        Or the Borg?

        Someone had to toss that in there...

        • Even with the Grum Botnet taken offline, my email address is still getting all kinds of spam and scam, every single day

          Like others, I set up spam filters save the clutters, but I do not know how many genuinely worthy messages my spam-filter had mistakenly deleted

          Those goddamn spammers have ruined it

    • And yet... (Score:4, Interesting)

      by winkydink ( 650484 ) <> on Tuesday August 21, 2012 @06:30PM (#41074817) Homepage Journal

      spam levels have increased since the takedown! []

      fast forward to Grum Botnet part of timeline.

    • Don't worry... the voices weren't silenced; they just were required to switch to another communications mechanism. Grum's gone, but the people using it are still around, and sending their spam via other means. You will still get your links to HGH pills, botnet infectors and fake AV software.

    • Re:And suddenly (Score:4, Insightful)

      by hairyfeet ( 841228 ) <bassbeast1968@gm ... minus herbivore> on Tuesday August 21, 2012 @09:39PM (#41076611) Journal

      The sad part? as someone who actually have to clean these machines it doesn't matter about UAC, or low rights mode, or any possible security you put in the OS because in the end it becomes another case of the dancing bunnies [] and there is no tech cure for that short of sticking them in a walled garden ala Apple where they can't do a damned thing without the corporation's approval.

      I've seen it a million times, all the malware writer has to do is offer them the right carrot, be it some celeb nekkid, some free porn, screensavers, hell I've seen people infect their machines for a chance to win an iPad. Offer them a cookie and all the security levels and permissions and AV software is worth jack and squat because they will disable it with a smile on their face.

      In the end all you can do is educate those that will listen and be ready to clean up the mess like with TFA for those that don't.

  • by Anonymous Coward on Tuesday August 21, 2012 @06:01PM (#41074489)

    One man's botnet is another man's beowulf cluster

    Many people looked forward to these daily emails offering vital medications, herbal alternatives for male enhancement, and mortgage refinancing opportunities

    Grum, you will be missed!

  • by Anonymous Coward

    Yet it seems like I am getting more and more spam every day. You would think shutting down a server responsible for about 16% of spam, I would see some drop.

  • Why can't they get the IP's of most of the infected computer, send those IP's w/time stamps to ISP's and require those ISP's to send letters to the infected customers letting them know that they help assist in sending billions of email SPAM and to get their computer cleaned? Maybe it will scare some people that feel they aren't vulnerable into realizing they are.

    I donno, it's a thought. I'm sure something could be improved upon that.

    • by Zocalo ( 252965 ) on Tuesday August 21, 2012 @06:45PM (#41074981) Homepage
      Based on the experiences of the DNS Changer Working Group trying to get ISPs to notify their infected users of the imminent demise of the substitute DNS Changer DNS servers, I'd say it is unlikely to work. The sad fact is that many ISPs (and there would be a *lot* of ISPs with hosts on a typical botnet) simply don't give a crap at the best of times, let alone when suggesting they take a course of action that would entail costs - postage of letters, support calls, setting up a sandbox for infected users, etc.
    • For the same reason a lot of ISPs [b]do nothing about spam[/b]. It's paying customers versus angry nerds...
    • It's a nice idea and a nice fantasy, but the sad fact is even if the ISPs sent someone out to clean off those zombie boxen free of charge they'd be infected worse than a transvestite hooker on Bourbon St again in no time flat. PEBKAC.
  • This implies that there are about 1.2 million bots worldwide. Seems low.

    • by ackthpt ( 218170 )

      This implies that there are about 1.2 million bots worldwide. Seems low.


      Perhaps the others are all at work managing sock-puppets on facebook.

      • by Anonymous Coward

        This implies that there are about 1.2 million bots worldwide. Seems low.


        Perhaps the others are all at work managing sock-puppets on Slashdot.

        There. FTFY. Courtesy of your friendly neighborhood sock puppet. :)

    • That assumes other botnets send the same number of spam emails per bot as Grum. Given it is the largest, and probably has the largest address list, it probably sends more spam per bot than other botnets. TFA says it had the capability of sending 18b spam message per day, which is about 90k messages per bot. Other botnets might be only sending 50k or 10k per bot per day.

    • This implies that there are about 1.2 million bots worldwide. Seems low.

      Not if all of the spam is coming from the same house [].

    • Sounds about right. I imagine many many times that number get infected every year though. To remain infected and a functioning part of the botnet you need it to stay on the internet, not have it's antivirus updated, not have security updates for the OS, not fall into disuse, not taken in for service and still work without the owner's knowledge that it is infected.

      What kind of person would allow those conditions to occur? Grandma probably does, somebody probably set up the computer for her, she doesn't kn

      • You have a remarkably high opinion of the average computer user.

      • by tqk ( 413719 )

        What kind of person would allow those conditions to occur?

        You're ignoring all the Chinese, Indians, Pakistanis, Indonesians, ... all running pirated versions of Windows, possibly with the malware pre-installed with the pirated OS. Add poorly secured, or ancient and not updated, Linux and *BSD installs. These needn't even be home users. Whole companies in these countries have been known to rely on pirated OSs.

    • This implies that there are about 1.2 million bots worldwide. Seems low.

      Grum was responsible for 1/6 of spam volume, not 1/6 of world botnet size.

  • Drawings of Natalie Portman, naked and petrified? Sign me up, as it is now I have to browse Deviantart profiles and it takes forever.

"If it's not loud, it doesn't work!" -- Blank Reg, from "Max Headroom"