Grum botnet

From Wikipedia, the free encyclopedia
Spam email botnet

The Grum botnet, also known by its aliases Tedroo and Reddyb, was a botnet mostly involved in sending pharmaceutical spam e-mails.[1] Once the world's largest botnet, Grum can be traced back to as early as 2008.[2] At the time of its shutdown in July 2012, Grum was reportedly the world's third largest botnet,[3] responsible for 18% of worldwide spam traffic.[4][5]

Grum relied on two types of control servers for its operation. One type was used to push configuration updates to the infected computers, and the other was used to tell the botnet what spam emails to send.[6]

In July 2010, the Grum botnet consisted of an estimated 560,000–840,000 computers infected with the Grum rootkit.[7][8] The botnet alone delivered about 39.9 billion[9] spam messages in March 2010, equating to approximately 26% of the total global spam volume, temporarily making it the world's then-largest botnet.[10][11] Late in 2010, the botnet seemed to be growing, as its output increased by roughly 51% compared with its output in 2009 and early 2010.[12][13]

It used a control panel written in PHP to manage the botnet.[14]

Botnet takedown


In July 2012, a malware intelligence company published an analysis of the botnet's command and control servers located in the Netherlands, Panama, and Russia. It was later reported that the Dutch colocation provider/ISP seized two secondary servers responsible for sending spam instructions soon after their existence was made public.[15] Within one day, the Panamanian ISP hosting one of Grum's primary servers followed suit and shut down its server.[16] The cybercriminals behind Grum quickly responded by sending instructions through six newly established servers in Ukraine.[17] FireEye worked with Spamhaus, CERT-GIB, and an anonymous researcher to shut down the remaining six C&C servers, officially knocking down the botnet.[17][4]

Grum botnet zombie clean-up


A sinkhole was run on some of the former IP addresses of the Grum bot C&C servers. A feed from the sinkhole was processed via both Shadowserver and Abusix to inform the Point of Contact at any ISP that has infected IP addresses. ISPs are asked to contact their customers about the infections so that the malware can be cleaned up. Shadowserver.org informs the users of its service once per day, and Abusix sends out an X-ARF (extended version of the Abuse Reporting Format) report every hour.[18][19][20]
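The notification pipeline described above, as an added example that is not part of the Wikipedia article or of Shadowserver's or Abusix's own tooling: a sinkhole feed is parsed, each infected IP is routed to the abuse contact for its netblock, and one per-ISP notice is rendered. The feed lines, the netblock-to-contact mapping and the notice layout are all constructed for illustration; the notice is a simplified placeholder, not the real X-ARF schema.

```python
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sinkhole log: timestamp, source IP (the infected host) and the
# former C&C hostname the bot tried to reach. One line is deliberately malformed.
SINKHOLE_FEED = """\
2012-07-20T00:01:12Z 198.51.100.17 grum-cnc-a.example
2012-07-20T00:01:30Z 203.0.113.8 grum-cnc-b.example
2012-07-20T00:02:05Z 198.51.100.17 grum-cnc-a.example
2012-07-20T00:03:44Z 198.51.100.201 grum-cnc-b.example
2012-07-20T00:05:09Z 192.0.2.77 grum-cnc-a.example
this line is malformed and must be skipped
"""

# Constructed mapping from netblocks to the ISP's abuse Point of Contact.
ISP_CONTACTS = {
    ip_network("198.51.100.0/24"): "abuse@isp-one.example",
    ip_network("203.0.113.0/24"): "abuse@isp-two.example",
}

def parse_feed(text):
    """Return (timestamp, ip, cnc_host) tuples, silently skipping bad lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts.replace(tzinfo=timezone.utc), ip_address(parts[1]), parts[2]))
        except ValueError:  # bad timestamp or bad address
            continue
    return events

def route_to_isp(events):
    """Group hits per abuse contact, one record per infected IP (deduplicated)."""
    per_isp = defaultdict(dict)
    for ts, ip, host in events:
        contact = next((c for net, c in ISP_CONTACTS.items() if ip in net), "UNROUTED")
        rec = per_isp[contact].setdefault(str(ip), {"first": ts, "last": ts, "hits": 0, "cnc": host})
        rec["first"], rec["last"], rec["hits"] = min(rec["first"], ts), max(rec["last"], ts), rec["hits"] + 1
    return per_isp

def render_notice(contact, infections):
    """Simplified notice text (placeholder layout, not the X-ARF schema)."""
    lines = [f"To: {contact}", "Subject: sinkhole hits from your address space", ""]
    for ip, rec in sorted(infections.items()):
        lines.append(f"{ip} hits={rec['hits']} first={rec['first'].isoformat()} "
                     f"last={rec['last'].isoformat()} cnc={rec['cnc']}")
    return "\n".join(lines)
```

Hits from addresses outside any known netblock end up under the UNROUTED key, which is the queue an operator would resolve by WHOIS lookup before sending.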

References

  1. "Grum". M86 Security. 2009-04-20. Retrieved 2010-07-30.
  2. Atif Mushtaq (2012-07-09). "Killing the Beast - Part 5". FireEye. Retrieved 2012-07-11.
  3. Mushtaq, Atif (2012-07-18). "Grum, World's Third-Largest Botnet, Knocked Down | FireEye Blog". Fireeye.com. Archived from the original on 2014-01-17. Retrieved 2014-01-09.
  4. "Huge spam botnet Grum is taken out by security researchers". BBC News. 19 July 2012.
  5. "Researchers Say They Took Down World's Third-Largest Botnet". New York Times. 2012-07-18. Retrieved 2012-07-18.
  6. "One of the world's largest spam botnets still alive after suffering significant blow". IDG. 2012-07-17. Archived from the original on 2018-11-30. Retrieved 2012-07-17.
  7. "Research: Small DIY botnets prevalent in enterprise networks". ZDNet. Archived from the original on May 11, 2011. Retrieved 2010-07-30.
  8. "MessageLabs Blog - Evaluating Botnet Capacity". Messagelabs.com.sg. Archived from the original on April 18, 2013. Retrieved 2010-07-30.
  9. "Which Botnet Is Worst? Report Offers New Perspective On Spam Growth - botnets/Security". DarkReading. 30 September 2009. Archived from the original on 2009-12-05. Retrieved 2010-07-30.
  10. "Grum and Rustock botnets drive spam to new levels". Securecomputing.net.au. 2010-03-02. Archived from the original on 2010-12-07. Retrieved 2010-07-30.
  11. Whitney, Lance (2010-03-02). "Botnets cause surge in February spam | Security - CNET News". News.cnet.com. Retrieved 2010-07-30.
  12. James Wray and Ulf Stabe (2010-03-01). "Spam volumes surge thanks Grum and Rustock botnets - Security". Thetechherald.com. Archived from the original on 2010-07-21. Retrieved 2010-07-30.
  13. "MessageLabs: Botnets a threat to email marketing - Email Marketing". BizReport. 2009-09-30. Retrieved 2010-07-30.
  14. Brian Krebs (2012-08-20). "Inside the Grum botnet".
  15. Steve Ragan (2012-07-17). "Dutch Police Takedown C&Cs Used by Grum Botnet". Security Week. Retrieved 2012-07-17.
  16. Alex Fitzgerald (2012-07-19). "Botnet Responsible for 18% of World's Spam Knocked Offline". Mashable. Retrieved 2012-07-19.
  17. Atif Mushtaq (2012-07-19). "Grum, World's Third-Largest Botnet, Knocked Down". FireEye. Archived from the original on 2018-03-01. Retrieved 2012-07-19.
  18. "Spam Botnets: The Fall of Grum and the Rise of Festi". The Spamhaus Project. August 15, 2012. Retrieved 2025-11-26. "Since the takedowns, Spamhaus has continued to monitor the Grum botnet, which at present consists of only 150 to 500 active (spam sending) IP addresses per day. As they have no controllers, they are just operating in a true 'zombie' manner."
  19. "Grum: Inside The Takedown Of One Of The World's Biggest Spam Networks". TechCrunch. August 3, 2012. Retrieved 2025-11-26.
  20. "Bot herders try to resurrect Grum, fail". Help Net Security. July 23, 2012. Retrieved 2025-11-26. "Over the weekend, the Ukrainian ISP SteepHost removed the null route on three CnCs that were taken down, allowing bot herders to attempt regaining control."
Retrieved from "https://en.wikipedia.org/w/index.php?title=Grum_botnet&oldid=1324207752"