Grum botnet
The Grum botnet, also known by its aliases Tedroo and Reddyb, was a botnet mostly involved in sending pharmaceutical spam e-mails.[1] Once the world's largest botnet, Grum can be traced back to as early as 2008.[2] At the time of its shutdown in July 2012, Grum was reportedly the world's third-largest botnet,[3] responsible for 18% of worldwide spam traffic.[4][5]
Grum relied on two types of control servers: one type pushed configuration updates to the infected computers, and the other told the bots which spam e-mails to send.[6]
In July 2010, the Grum botnet consisted of an estimated 560,000–840,000 computers infected with the Grum rootkit.[7][8] The botnet alone delivered about 39.9 billion[9] spam messages in March 2010, equating to approximately 26% of the total global spam volume and temporarily making it the world's then-largest botnet.[10][11] Late in 2010, the botnet appeared to be growing, as its output increased by roughly 51% compared with its output in 2009 and early 2010.[12][13]
Its operators controlled the botnet through a web panel written in PHP.[14]
Botnet takedown
In July 2012, FireEye, a malware intelligence company, published an analysis of the botnet's command and control servers, located in the Netherlands, Panama, and Russia. It was later reported that, soon after their existence was made public, the Dutch colocation provider/ISP seized two secondary servers responsible for sending spam instructions.[15] Within one day, the Panamanian ISP hosting one of Grum's primary servers followed suit and shut down its server.[16] The cybercriminals behind Grum quickly responded by sending instructions through six newly established servers in Ukraine.[17] FireEye then worked with Spamhaus, CERT-GIB, and an anonymous researcher to shut down the remaining six C&C servers, officially knocking down the botnet.[17]
Grum botnet zombie clean-up
A sinkhole was run on some of the former IP addresses of the Grum C&C servers. The feed from the sinkhole was processed by both Shadowserver and abusix to inform the point of contact at each ISP that had infected IP addresses in its network; ISPs were asked to contact their customers about the infections so that the malware could be cleaned up. Shadowserver informed the users of its service once per day, and abusix sent out an X-ARF (eXtended Abuse Reporting Format) report every hour.
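The feed-processing step described above, as an added example that is not part of the article and is not Shadowserver's or abusix's code: a constructed sinkhole connection log is parsed, obviously non-customer addresses are dropped, each remaining source IP is matched to the contact responsible for its prefix, and one aggregated notification per contact is produced for a reporting window (a daily batch here; an hourly one is the same call with a different cutoff). The log line format, the contact prefixes and mailboxes, and the use of documentation addresses as stand-ins for customer space are all assumptions, and the notification is plain text rather than an X-ARF message.

```python
"""Added example, not code from the article, Shadowserver or abusix: turn a
sinkhole connection log into one aggregated notification per network contact.
All input below is constructed; the log format and contact table are assumptions."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sinkhole log. Assumed format: "<UTC timestamp> <source ip> <sinkhole ip>".
# 198.51.100.10 stands in for a sinkholed former C&C address.
SINKHOLE_LOG = """\
2012-07-20T10:00:01Z 192.0.2.17 198.51.100.10
2012-07-20T10:00:05Z 192.0.2.17 198.51.100.10
2012-07-20T10:01:09Z 192.0.2.200 198.51.100.10
2012-07-20T10:02:30Z 203.0.113.5 198.51.100.10
2012-07-20T10:02:31Z 203.0.113.200 198.51.100.10
2012-07-20T10:03:00Z 10.0.0.9 198.51.100.10
2012-07-19T09:00:00Z 192.0.2.17 198.51.100.10
2012-07-20T10:04:44Z not-an-ip 198.51.100.10
"""

# Constructed contact table (hypothetical prefixes and mailboxes): prefix -> abuse contact.
CONTACTS = {
    "192.0.2.0/24": "abuse@isp-a.example",
    "203.0.113.0/25": "abuse@isp-b.example",
}

# Start of the reporting window used by the stand-alone run (one daily batch).
WINDOW_START = datetime(2012, 7, 20)

# Addresses that can never be a customer host reaching the sinkhole; dropped
# before routing. Documentation ranges are deliberately not listed because the
# constructed sample uses them as stand-ins for real customer space.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def parse_feed(text):
    """Yield (timestamp, source ip) for well-formed lines; skip garbage and bogons."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            src = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # malformed timestamp or address
        if any(src in net for net in BOGONS):
            continue
        yield ts, src


def build_reports(text, since=None, contacts=CONTACTS):
    """Group infected source IPs by the contact responsible for their prefix.

    `since` bounds the reporting window (a daily or hourly batch). Each IP is
    reported once per window with first/last seen time and hit count, so a host
    that hit the sinkhole many times yields one line, not many.
    Returns (reports, unrouted): reports maps contact -> {ip: record}; unrouted
    is the set of IPs no contact prefix covers (to be resolved by hand).
    """
    nets = [(ipaddress.ip_network(p), who) for p, who in contacts.items()]
    reports = defaultdict(dict)
    unrouted = set()
    for ts, src in parse_feed(text):
        if since is not None and ts < since:
            continue
        for net, who in nets:
            if src in net:
                rec = reports[who].setdefault(
                    str(src), {"first": ts, "last": ts, "hits": 0})
                rec["first"] = min(rec["first"], ts)
                rec["last"] = max(rec["last"], ts)
                rec["hits"] += 1
                break
        else:
            unrouted.add(str(src))
    return dict(reports), unrouted


def render_notification(contact, records, sinkhole="198.51.100.10"):
    """Plain-text notification body for one contact (not an X-ARF message)."""
    lines = [f"To: {contact}",
             f"Subject: {len(records)} host(s) in your network contacting a Grum sinkhole",
             f"Sinkhole address: {sinkhole}", ""]
    for ip, rec in sorted(records.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        lines.append(f"{ip}  first={rec['first']:%Y-%m-%dT%H:%M:%SZ}  "
                     f"last={rec['last']:%Y-%m-%dT%H:%M:%SZ}  hits={rec['hits']}")
    return "\n".join(lines)


if __name__ == "__main__":
    reports, unrouted = build_reports(SINKHOLE_LOG, since=WINDOW_START)
    for contact, records in reports.items():
        print(render_notification(contact, records), end="\n\n")
    print("unrouted (no contact on file):", sorted(unrouted))
```

The window cutoff is what makes the daily and hourly cadences differ: the same feed is re-batched with a later `since` each run, and an address that keeps reconnecting shows up in every window with a fresh count rather than being reported on every hit.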
References
- ^ "Grum". M86 Security. 2009-04-20. Retrieved 2010-07-30.
- ^ Atif Mushtaq (2012-07-09). "Killing the Beast - Part 5". FireEye. Retrieved 2012-07-11.
- ^ Mushtaq, Atif (2012-07-18). "Grum, World's Third-Largest Botnet, Knocked Down | FireEye Blog". Fireeye.com. Archived from the original on 2014-01-17. Retrieved 2014-01-09.
- ^ "Huge spam botnet Grum is taken out by security researchers". BBC News. 2012-07-19.
- ^ "Researchers Say They Took Down World's Third-Largest Botnet". New York Times. 2012-07-18. Retrieved 2012-07-18.
- ^ "One of the world's largest spam botnets still alive after suffering significant blow". IDG. 2012-07-17. Archived from the original on 2018-11-30. Retrieved 2012-07-17.
- ^ "Research: Small DIY botnets prevalent in enterprise networks". ZDNet. Archived from the original on 2011-05-11. Retrieved 2010-07-30.
- ^ "MessageLabs Blog - Evaluating Botnet Capacity". Messagelabs.com.sg. Archived from the original on 2013-04-18. Retrieved 2010-07-30.
- ^ "Which Botnet Is Worst? Report Offers New Perspective On Spam Growth - botnets/Security". DarkReading. 2009-09-30. Archived from the original on 2009-12-05. Retrieved 2010-07-30.
- ^ "Grum and Rustock botnets drive spam to new levels". Securecomputing.net.au. 2010-03-02. Archived from the original on 2010-12-07. Retrieved 2010-07-30.
- ^ Whitney, Lance (2010-03-02). "Botnets cause surge in February spam | Security - CNET News". News.cnet.com. Retrieved 2010-07-30.
- ^ James Wray and Ulf Stabe (2010-03-01). "Spam volumes surge thanks Grum and Rustock botnets - Security". Thetechherald.com. Archived from the original on 2010-07-21. Retrieved 2010-07-30.
- ^ "MessageLabs: Botnets a threat to email marketing - Email Marketing". BizReport. 2009-09-30. Retrieved 2010-07-30.
- ^ Brian Krebs (2012-08-20). "Inside the Grum botnet".
- ^ Steve Ragan (2012-07-17). "Dutch Police Takedown C&Cs Used by Grum Botnet". Security Week. Retrieved 2012-07-17.
- ^ Alex Fitzgerald (2012-07-19). "Botnet Responsible for 18% of World's Spam Knocked Offline". Mashable. Retrieved 2012-07-19.
- ^ a b Atif Mushtaq (2012-07-19). "Grum, World's Third-Largest Botnet, Knocked Down". FireEye. Archived from the original on 2018-03-01. Retrieved 2012-07-19.