Grum Shutdown: World's Third Largest Botnet Taken Offline, Researchers Say

Computer users may see fewer e-mail offers for cheap Viagra and fake Rolexes after security researchers this week helped shut down the world’s third-largest botnet, a network of zombie computers that was sending about 18 percent of worldwide spam messages.

Atif Mushtaq, a researcher at the security company FireEye, said in a blog post that security researchers had worked with Internet service providers in several countries -- including some known as safe havens for cybercrime -- to bring down servers controlling the so-called Grum botnet, which was sending 18 billion junk messages a day.

Earlier this week, authorities in the Netherlands and Panama shut down servers controlling the botnet, but the cybercriminals responded by sending instructions through servers in Ukraine -- a known safe haven for cybercrime, Mushtaq said. However, Mushtaq said researchers at FireEye worked with Internet providers, a Russian computer security team and Spamhaus, an international organization that tracks spam, to shut down the botnet’s remaining servers.

Botnets are networks of infected computers that help cyber criminals send spam messages, commit identity theft, steal financial data and siphon intellectual property. They grow in size as computer users accidentally click on a malicious link or file, and their PCs begin performing automated tasks like sending spam.

The action marked the latest botnet takedown. In March, Microsoft filed suit in federal court in Brooklyn that led to the shutdown of botnet servers infected with the so-called Zeus malware, which stole more than $100 million by recording users' computer keystrokes to get usernames and passwords linked to online bank accounts.

Yet botnets are notoriously resilient, often re-emerging as new variants of malware with greater power, even after authorities claim to have shut them down.

Experts say that is why more must be done to break up botnets, which they say contribute to the majority of today's malicious activity on the Internet.

Earlier this year, for example, the Obama administration announced new efforts to disrupt networks of infected PCs, including a program to notify customers when their computers have been infected with malware.

Still, Mushtaq said this week's takedown of the Grum botnet was important because it demonstrated that cybercriminals can't simply elude authorities by shifting their servers to countries like Panama, Russia, and Ukraine, “thinking that no one can touch them in these comfort zones.”

“There are no longer any safe havens,” he said.
