Notice anything weird about your email inbox? If you said there hasn’t been as much spam lately, that’s because researchers at FireEye and the venerable Spamhaus have essentially shut down the Grum botnet by marking and banning IP addresses. The botnet was responsible for 18% of the world’s spam and had lassoed 560,000 to 840,000 computers using a rootkit.
After FireEye and Spamhaus published the inner workings of Grum, public pressure soon forced Dutch ISPs to shut down a major network control hub that sent commands to about 120,000 separate IPs. Then a similar server was shut down in Panama, leaving only a working server in Russia. However, as the Panama server winked out, the hunt for Grum suddenly became a cat-and-mouse game as new servers popped up in Ukraine.
FireEye’s Atif Mushtaq wrote:
Although the Russian and Ukrainian servers are still running, the group reduced total spam output from 120,000+ IPs to 21,000, reducing the overall spam load. It’s not over yet, but it’s a dent in the overall feed.
Mushtaq closed with a message to the spammers: “Stop sending us spam. We don’t need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don’t send us spam.”
“Keep on dreaming of a junk-free inbox,” he wrote.