Slashdot Mirror


Inside the Grum Botnet

tsu doh nimh writes "An examination of a control server seized in the recent takedown of the Grum spam botnet shows the crime machine was far bigger than most experts had assumed. A PHP panel used to control the botnet shows it had just shy of 200,000 systems sending spam when it was dismantled in mid-July. Researchers also found dozens of huge email lists, totaling more than 2.3 billion addresses, as well as evidence it was used for phishing and malware attacks in addition to mailing pharmacy spam. Just prior to its takedown, Grum was responsible for sending about one in six spams worldwide."

11 of 34 comments

  1. And suddenly by ackthpt · · Score: 2

    200,000 voices were silenced.

    Not particularly good voices, with anything worthwhile to say.

    --
    A feeling of having made the same mistake before: Deja Foobar
    1. Re:And suddenly by PPH · · Score: 3, Insightful

      Actually, 200,000 voices with only one mind.

      Sort of like a political action committee

      --
      Have gnu, will travel.
    2. Re:And suddenly by hairyfeet · · Score: 3, Insightful

      The sad part? As someone who actually has to clean these machines, it doesn't matter about UAC, or low rights mode, or any possible security you put in the OS, because in the end it becomes another case of the dancing bunnies, and there is no tech cure for that short of sticking them in a walled garden à la Apple where they can't do a damned thing without the corporation's approval.

      I've seen it a million times: all the malware writer has to do is offer them the right carrot, be it some celeb nekkid, some free porn, screensavers; hell, I've seen people infect their machines for a chance to win an iPad. Offer them a cookie and all the security levels and permissions and AV software is worth jack and squat, because they will disable it with a smile on their face.

      In the end all you can do is educate those that will listen and be ready to clean up the mess like with TFA for those that don't.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Law enforcement jumped the gun here by Anonymous Coward · · Score: 5, Funny

    One man's botnet is another man's Beowulf cluster.

    Many people looked forward to these daily emails offering vital medications, herbal alternatives for male enhancement, and mortgage refinancing opportunities.

    Grum, you will be missed!

  3. Re:Yay CAN SPAM! by ackthpt · · Score: 2

    More evidence that the law is working.

    Law? Try people actually working on it.

    You can have all the laws you want, but until people set themselves to backtracking this junk, finding the servers and maybe even catching those behind them, the laws mean exactly nothing.

    It is nice to see them working on it, but I think more work could be done a little faster.

    --
    A feeling of having made the same mistake before: Deja Foobar
  4. Re:200,000 X 6 = 1,200,000 by ackthpt · · Score: 2

    This implies that there are about 1.2 million bots worldwide. Seems low.

    True.

    Perhaps the others are all at work managing sock-puppets on Facebook.

    --
    A feeling of having made the same mistake before: Deja Foobar
  5. And yet... by winkydink · · Score: 3, Interesting

    Spam levels have increased since the takedown!

    http://www.eleven.de/botnet-timeline-en.html

    Fast forward to the Grum Botnet part of the timeline.

    --
    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  6. Re:Notify ISP's to Notify Infected Customers? by Zocalo · · Score: 3, Insightful

    Based on the experiences of the DNS Changer Working Group trying to get ISPs to notify their infected users of the imminent demise of the substitute DNS Changer DNS servers, I'd say it is unlikely to work. The sad fact is that many ISPs (and there would be a *lot* of ISPs with hosts on a typical botnet) simply don't give a crap at the best of times, let alone when suggesting they take a course of action that would entail costs - postage of letters, support calls, setting up a sandbox for infected users, etc.

    --
    UNIX? They're not even circumcised! Savages!
  7. Money by John+Bokma · · Score: 2

    For the same reason a lot of ISPs do nothing about spam. It's paying customers versus angry nerds...

  8. Re:200,000 X 6 = 1,200,000 by Ziggitz · · Score: 2

    Sounds about right. I imagine many, many times that number get infected every year, though. To remain infected and a functioning part of the botnet, you need it to stay on the internet, not have its antivirus updated, not have security updates for the OS, not fall into disuse, not be taken in for service, and still work without the owner's knowledge that it is infected.

    What kind of person would allow those conditions to occur? Grandma probably does; somebody probably set up the computer for her, she doesn't know how fast it should be, doesn't update the OS or antivirus, probably doesn't know how to, and since it will still connect to Facebook and let her play Bejeweled, she doesn't do anything about it.

    So take the number of primary personal computing devices in the first world, take only the very tech-incompetent but frequent users, from those take the ones with out-of-date operating systems, then keep only the ones that stay connected to the internet all the time, and then only the ones that will not take those computers to be fixed. The low-hanging fruit disappear very quickly. While there are way, way more than 1.2 million people who will get a device infected each year, chances are they don't leave them infected for very long, so the retention rate for the botnet is probably only around 1% per year, if not less.

    --
    There is no memory shortage. yes I have heard of XFCE. Go away.
  9. Spams still coming by Taco+Cowboy · · Score: 2

    Even with the Grum Botnet taken offline, my email address is still getting all kinds of spam and scams, every single day.

    Like others, I set up spam filters to save the clutter, but I do not know how many genuinely worthy messages my spam filter has mistakenly deleted.

    Those goddamn spammers have ruined it.

    --
    Muchas Gracias, Señor Edward Snowden!