Inside the Grum Botnet
tsu doh nimh writes "An examination of a control server seized in the recent takedown of the Grum spam botnet shows the crime machine was far bigger than most experts had assumed. A PHP panel used to control the botnet shows it had just shy of 200,000 systems sending spam when it was dismantled in mid-July. Researchers also found dozens of huge email lists, totaling more than 2.3 billion addresses, as well as evidence it was used for phishing and malware attacks in addition to mailing pharmacy spam. Just prior to its takedown, Grum was responsible for sending about one in six spams worldwide."
Actually, 200,000 voices with only one mind.
Sort of like a political action committee
Have gnu, will travel.
Based on the experiences of the DNS Changer Working Group trying to get ISPs to notify their infected users of the imminent demise of the substitute DNS Changer DNS servers, I'd say it is unlikely to work. The sad fact is that many ISPs (and there would be a *lot* of ISPs with hosts on a typical botnet) simply don't give a crap at the best of times, let alone when suggesting they take a course of action that would entail costs - postage of letters, support calls, setting up a sandbox for infected users, etc.
UNIX? They're not even circumcised! Savages!
The sad part? As someone who actually has to clean these machines, it doesn't matter about UAC, or low rights mode, or any possible security you put in the OS, because in the end it becomes another case of the dancing bunnies, and there is no tech cure for that short of sticking them in a walled garden a la Apple where they can't do a damned thing without the corporation's approval.
I've seen it a million times, all the malware writer has to do is offer them the right carrot, be it some celeb nekkid, some free porn, screensavers, hell I've seen people infect their machines for a chance to win an iPad. Offer them a cookie and all the security levels and permissions and AV software is worth jack and squat because they will disable it with a smile on their face.
In the end all you can do is educate those that will listen and be ready to clean up the mess like with TFA for those that don't.
ACs don't waste your time replying, your posts are never seen by me.