Slashdot Mirror


A Month After Grum Botnet Takedown, Spam Back To Previous Levels

wiredmikey writes "It's been over a month since the spam-spewing Grum botnet was shut down, but spam experts say there hasn't been a noticeable impact on global spam volume. Symantec researchers at the time estimated that Grum was responsible for one-third of all spam being sent worldwide, and its takedown led to an immediate drop in global spam email volumes by as much as 15 to 20 percent. However, the drop was only temporary. While Grum had an estimated hundred thousand zombies sending spam, the machines were likely blocked for sending emails too frequently, or wound up on IP blacklists, said Andrew Conway, Cloudmark researcher. IP filtering is fast and cheap, and is a good first line of defense against spam, Conway said. Grum spam was easy to blacklist, and despite its size, most spam messages from the botnet probably never reached user inboxes."

9 of 47 comments

  1. Called in reinforcements? by Nidi62 · Score: 4, Insightful

    Is it not possible they simply have a few botnets sitting around unused ready to be activated should an active botnet go down? While the revenue of having one botnet operating with one in reserve probably wouldn't be as high as having both operating, it would give a greater guarantee of continued revenue.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  2. Re:In other news... by canadiannomad · Score: 2

    People who have bad security practices on their computers, still have bad security practices on their computers.

    or

    People with one infection on their computers, are more likely to have another.

    --
    Hmm, the humour and sarcasm seem to have been lost on you.
  3. Filtering != Stopping by damn_registrars · Score: 5, Insightful

    Filtering can be a good first line defense, yes. However it will never, ever solve the spam epidemic on its own. No amount of filtering ever will.

    This is about a group that took a better step, in going after a botnet. That is more effective than filtering in the long term, but still won't do the trick.

    The long term solution comes from acknowledging that spam is an economic problem. A lot of reactionary measures (such as filtering) treat spam almost as if it is a game or a personal attack on themselves. Spammers don't give a shit who you are or what your reaction is to spam. Spammers just want to make money. Someone is paying them to send out spam. If you want to stop spam for real, you need to stop the money. If the spammers don't get paid, they don't send out spam.

    It's that simple. Everything else just kicks the can down the road.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:Filtering != Stopping by cpu6502 · Score: 2

      (1) How do we stop the money? (2) And why should we bother? Spam is no more offensive than the spam I hear on the radio or TV.

      I'm more worried about the war on nude photos. Did you hear about the gay UK politician whose career was destroyed? They accused him of having nude children on his computer. They couldn't find anything but one image that "looked like" a teen but was later proved to be a 22 year old. (Guilty until proved innocent.) Then they tried to go after him for having gay images on his computer but of course that's not a crime.

      The end result was the guy was fired from his job, received hate speech scrawled on his house, and now he's hiding. All because of the UK war on nude photos. (A war that also exists in Australia unfortunately.) Possession of an image, even if it's an actual murder scene, should not be a crime.

      --
      My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
    2. Re:Filtering != Stopping by damn_registrars · Score: 3, Informative

      (1) How do we stop the money?

      You might be the first person who has ever asked this question when I have pointed out this dilemma here on slashdot. Most other people respond by advocating murdering the spammers in some way, shape, or form instead.

      The money can be stopped a few different ways. A few years ago a group at Georgia Tech (IIRC) found that the majority of all financial transactions executed on spamvertised sites were processed through a very short list of processing centers. Getting those guys to clean up their act would be a big step in the right direction.

      Another is to find where the spammers themselves are receiving payment (as the above method goes after the people paying the spammer instead). Following the money isn't that hard if you initiate a transaction (to track it from one end) and get useful records of who really owns the domain for the spamvertised site (which is often registered in some way to the spammer).

      I thank you for asking the question.

      (2) And why should we bother?

      The biggest argument for doing something about spam lies in the fact that spam makes the internet more expensive for everyone. Being as a large portion of all traffic is spam, it means that legitimate traffic is delayed as a result. And of course the spam also takes up space on hard drives (sometimes in replicate as it traverses from a server to a user's computer) and CPU time. Any company that is running a spam filter - be it software, hardware, or some of each - is also devoting resources to the problem that someone has to pay for.

      Spam is no more offensive than the spam I hear on the radio or TV.

      I would argue that to be an incorrect analogy for the reasons I stated above. You can turn off your radio or TV and you won't hear your local car dealer screaming at you to come buy a new car. However if you turn off your computer you are still paying your ISP to move spam around. Even worse you are paying for your ISP to build up its network infrastructure so they can deliver the bandwidth they promised you while also dealing with the avalanche of spam coming to their network every moment.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    3. Re:Filtering != Stopping by heypete · Score: 2

      Yes, but with excellent filtering and easy filter-training spam becomes less economical.

      Take, for example, Gmail's spam filters: I receive thousands of spams per month (down from tens of thousands a month from a year or two ago) at my personal address hosted on Google Apps. Out of all those messages, maybe one or two a month slip by the filters. I select the messages and click "mark as spam" and they're gone from my mailbox and help train the filter. This is trivial work for the user and benefits the entire community. Every single one of the "common" spams (e.g. pills, 419 scams, etc.) is caught -- the rare ones that slip by are using some new gimmick to elude filters. Once the filters are trained to detect them, that gimmick becomes useless.

      I'm an exception as I receive a huge amount of spam due to having my own domain and a very trivial, widely-published-on-the-internet email address. I suspect most users have far less pre-filter spam hitting their mailbox and even less making it through.

      Same thing with blog spam: Akismet catches a similar ratio of spam, making blog spam pretty much useless. Bloggers can submit spam that was missed or innocent postings that were mistakenly flagged and the system learns, benefiting everyone. Training this filter is basically a one-click operation for site admins. I can always identify blogs that don't use Akismet because the comments at those sites are flooded with spam.

      Yes, to truly be stopped spam needs to be stopped at the source. When all it takes to send out spam is a cheap, anonymous SIM card from a mobile ISP in Nigeria, it's unlikely that there's any practical means of stopping spam at its source. When there's dozens of sites scanning the internet to find lists of open proxies ripe for abuse, it's possible to send spam with essentially no risk. Using a stolen credit card to rent a VPS allows spammers to send mail from "legitimate" IP addresses at high rates of speed with very little in the way of information that traces back to them.

      Still, having filtering "communities" like Gmail or Akismet or other similar services (I presume that Hotmail and Yahoo do something similar) can stop the huge majority of spam and make it less worthwhile for the spammers -- already it's at the point where essentially no legitimate service sends spam, unlike the situation a decade ago. Indeed, several articles I've read suggested that some spammers are migrating away from email spam to social networking spam on services like Facebook and Twitter as their filtering methods are less advanced.

  4. This conflicts with what I see (I do anti-spam) by Khopesh · Score: 2

    I only see one publicly visible spam volume graph supporting this claim: SpamHaus CBL (look at the "Last quarter" graph).

    SpamCop and SenderBase suggest the overall trend is still down, though I'm not convinced this is related to Grum -- it appears Grum just wasn't as major a player as people thought.

    The other graphs I have bookmarked, from McAfee (click the "Historic Data" tab) and Symantec, are inconclusive.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
  5. Re:The one type of spam that still persists for me by RobertLTux · Score: 2

    easy way to do this

    1 filter for Yahoo accounts
    2 put "land mine" phrases in your craigslist postings and set filters for those (use maybe 3 different phrases)

    so if you sell say Pottery use "Ming Dynasty" "Bull teacup set" and "Dragon Motif" as "landmines"

    set your filter for @yahoo.com with "Ming Dynasty" or "Bull teacup set" or "Dragon Motif" to be sent to Spam

    in your text warn folks to NOT copy the text of your ad when they reply

    --
    Any person using FTFY or editing my postings agrees to a US$50.00 charge
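
The filter rule described in the comment above, sketched in Python as an added example (not part of the original post or of any mail provider's filter); the function names and the sample message are constructed for illustration. It also covers the case where a mail client has re-wrapped a quoted landmine phrase across two `>` lines.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The three example phrases and the sender domain named in the comment above.
LANDMINES = ("Ming Dynasty", "Bull teacup set", "Dragon Motif")
WATCHED_DOMAIN = "yahoo.com"

def body_text(msg):
    """Concatenate every text/plain part of a (possibly multipart) message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)

def normalize(text):
    """Strip reply-quote markers, then collapse whitespace and case, so a
    phrase split across two quoted lines still matches."""
    text = re.sub(r"(?m)^[ \t]*(>[ \t]*)+", "", text)
    return re.sub(r"\s+", " ", text).casefold()

def is_landmine_spam(raw):
    """True when the sender is at the watched domain AND the body repeats
    one of the phrases planted in the ad text."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] != WATCHED_DOMAIN:
        return False
    body = normalize(body_text(msg))
    return any(normalize(phrase) in body for phrase in LANDMINES)

# Constructed sample: an automated reply that quotes the scraped ad text,
# with the phrase "Ming Dynasty" broken across two quoted lines.
SCRAPED_REPLY = (
    "From: Buyer <buyer@yahoo.com>\n"
    "Subject: Re: pottery for sale\n"
    "\n"
    "Is the item still available? I will pay by cashier's check.\n"
    "\n"
    "> Hand-thrown pottery in a Ming\n"
    "> Dynasty style glaze, local pickup only.\n"
)

if __name__ == "__main__":
    print(is_landmine_spam(SCRAPED_REPLY))
```
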
  6. Re:Market simply responding to demand by idontgno · Score: 2, Funny

    These aren't companies, these are criminal going concerns, some well organized,

    Wait, what? I thought you said they weren't companies. I'm confused.

    but I don't expect you'll see them listed on NASDAQ any time soon.

    Oh, they're privately-held companies. No biggie. Those are the real engines of industry and the heart of the entrepreneur class.

    Ah I see. "Criminal". The only real difference between "criminal concern" and "legitimate entrepreneur" is the size of their lobbying budget and legal departments.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.