Spam botnets: The fall of Grum and the rise of Festi

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Spam botnets: The fall of Grum and the rise of Festi
FestiVsGrum.png
Botnet Festi, Grum, Cutwail
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 16 aug2012
Editor/Conference Spamhaus
Link http://www.spamhaus.org/news/article/685/ (Archive copy)
Author Thomas Morrison
Type

Abstract

In July 2012, FireEye in cooperation with other security organisations, such as Spamhaus, took down the Grum botnet. At that time Grum was the third largest spam-sending botnet. The event gained considerable media attention.

Spamhaus worked on the takedown of the botnet by contacting the responsible ISPs that were hosting the botnet controllers. These controllers (also known as command & control servers) were being used by the botnet herder to control the botnet and coordinate the spam campaigns. After the command and control infrastructure of the Grum botnet had been shut down, the cybercriminals tried to re-establish their spam operation by setting up new botnet controllers. Fortunately, FireEye informed Spamhaus without any delay so that we could help shut down the new controllers quickly as well.

Since the takedowns Spamhaus has continued to monitor the Grum botnet, which at present consists of only 150 to 500 active (spam sending) IP addresses per day. Hence, one month later we can consider the Grum botnet dead.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1097,
   editor = {Spamhaus},
   author = {Thomas Morrison},
   title = {Spam botnets: The fall of Grum and the rise of Festi},
   date = {16},
   month = Aug,
   year = {2012},
   howpublished = {\url{http://www.spamhaus.org/news/article/685/}},
 }