How Cybersleuths Took Down Spam King Grum

Governments, researchers and private companies are working overtime to root out spam from the Internet. Today brings good news: Grum, a botnet responsible for 18% of all spam, is no more. Here’s how a team of crack cybersleuths took down the world’s third-largest spammer.

The search-and-destroy stories that surface when a spam botnet is taken down are some of the juiciest to be found in any medium. Botnet takedowns have all the elements of a great plot: a global villain, exotic locales, despicable offenses, dedicated heroes who strive for the good of humanity, and a mystery that takes many steps to uncover. It is “Dick Tracy” meets “Hackers.”

Grum was a devious mist of a network with no obvious central structure. The face of a botnet like Grum is a distributed sub-network of command-and-control (CnC) servers. These machines direct an army of zombie underlings: ordinary personal computers infected with malware that takes orders from the CnC servers and churns out spam. Grum marshaled at least 120,000 spam-spewing zombies, according to Spamhaus. The actual number of zombies in the network could have been much higher.

Grum had been in existence for at least four years, an impressive lifespan for a botnet, according to Atif Mushtaq, senior staff scientist at security company FireEye. Mushtaq tracked down the botnet along with Carel Van Straten and Thomas Morrison from Spamhaus and Alex Kuzmin from CERT-GIB. An anonymous security researcher who goes by the name Nova7 also helped track down the spammers. Their mission was to discover the CnC servers and systematically take them offline.

Posted in Web.
