Botnets are a very common nuisance in the tech world. A botnet is a network made up mostly of computers that have been infected with malware. These compromised machines are then used to generate spam and send it out to millions of users. The good news is that security researchers have recently been able to shut down a huge botnet.
The botnet in question is termed ‘Grum’. Grum was a huge network of infected computers which sent out about 18% of the total spam email that is generated worldwide! The control servers for this huge network were in Russia, Panama and Ukraine.
Normally, it is very hard to shut down botnet servers because they are usually operated from countries such as Ukraine. But due to the persistent efforts of the spam-tracking company Spamhaus and the security company FireEye, the local ISPs hosting these botnet servers were eventually forced to shut them down.
According to a security researcher at FireEye, Atif Mushtaq, “Grum’s takedown resulted from the efforts of many individuals. This collaboration is sending a strong message to all the spammers: Stop sending us spam. We don’t need your cheap Viagra or fake Rolex.”
Initially, a Dutch server which was part of Grum was shut down. But soon, the traffic was being routed to secondary botnet servers in Ukraine. It was not an easy job to have the Grum servers shut down. FireEye collaborated with security researchers from around the globe and was then able to pressure ISPs to shut them down.
Mushtaq further says, “When the appropriate channels are used, even ISPs within Russia and Ukraine can be pressured to end their cooperation with bot herders. There are no longer any safe havens. Most of the spam botnets that used to keep their CnCs in the USA and Europe have moved to countries like Panama, Russia, and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time. Keep on dreaming of a junk-free inbox.”