Grum Botnet Attempts a Comeback – Dies a Quick Death

Researchers at FireEye recently detected two new Grum command servers, as the botnet’s owners attempted to remain under the radar while they rebuilt it. The rebirth was short-lived, as the C&Cs (hosted in Turkey) were taken offline within hours.

In July, researchers from FireEye were part of a team that took down Grum, one of the world’s largest botnets. Within three days, the botnet fell from 120,000 IP addresses to just over 20,000. Within a month, the botnet was dead in the water, its owners seemingly having given it up.

“Apart from an unsuccessful recovery attempt made by the bot herders a few days after the takedown, we never noticed any movement from the opposite side. Apparently the Grum guys had given up their botnet. But the bot herders always had the option to take the risk and start rebuilding this botnet from scratch. This is precisely what they tried to do last week,” wrote FireEye’s Atif Mushtaq in a blog post.

While the two C&C servers were operational, the botnet owners didn’t use them to send spam or do anything else; they simply turned them on, likely because the group wanted to “keep themselves under the radar,” Mushtaq speculated.

Either way, between FireEye and Spamhaus, Grum has been consistently monitored, so when the new servers became active, they were detected almost immediately.

“The good news is that both servers are dead at the moment, effectively killing this new segment of Grum,” he concluded.

When the Grum botnet was in normal operation, Symantec researchers estimated that it was responsible for about one-third of all spam being sent worldwide. The takedown led to an instant drop in global spam email volumes of as much as 15 to 20 percent, according to July’s Symantec Intelligence Report. But about a month later, spam levels came back up, showing that the takedown’s effect on global spam was actually minimal.

“There’s been minimal to no change in spam as a result of the Grum takedown,” an Abuse Desk Analyst at Symantec told SecurityWeek in August.
