FRAMINGHAM, Mass. – Authorities in three countries have taken down a half-dozen command-and-control servers for the Grum botnet, crippling the world’s third-largest spam-spewing network.
A total of five servers in Panama and the Ukraine were taken down Tuesday, while the plug was pulled on two servers in the Netherlands over the last few days, Atif Mushtaq, a researcher at FireEye’s security lab, said.
Grum is responsible for more than 17 percent of the world’s spam, according to Mushtaq. Most of the spam sells fake Rolex watches and Viagra.
As of late Tuesday, the master server and one command-and-control server were operating in Russia, where Mushtaq believes the spammers are headquartered.
FireEye has watched Grum since 2008, when it was only the seventh or eighth largest spam botnet. Since then, larger botnets, such as Kelihos, Rustock and Zeus, have been taken down, so Grum has climbed up the charts.
Over the last few years, the tech industry has become more aggressive in battling botnets. In March, Microsoft won court permission to seize the servers of the Zeus botnet, which cybercriminals used to steal $100 million over five years.
Most of the money came through stealing online banking and e-commerce credentials. Microsoft Corp. also was involved in the takedown of servers in the Kelihos, Rustock and Waledac botnets.
The amount of spam flowing into people’s inboxes has fallen at least 60 per cent since the peak in 2008, Mushtaq said. Many ex-spammers have switched from running huge botnets that attract the attention of authorities to operating small networks aimed more at infecting computers with information-stealing malware.
“These guys have learned they need to fly under the radar,” Mushtaq said. “Making one huge botnet will make them very visible.”
The consequence of sending spam from a mobile device is a higher wireless bill for the owner. Thousands of spam messages flowing from a device means a big jump in data traffic, which can lead to additional charges when volume surpasses a person’s data plan.