Spam botnets: The fall of Grum and the rise of Festi
(Publication) Google search: [1]
| Spam botnets: The fall of Grum and the rise of Festi | |
|---|---|
| |
| Botnet | Festi, Grum, Cutwail |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 16 aug2012 |
| Editor/Conference | Spamhaus |
| Link | http://www.spamhaus.org/news/article/685/ (Archive copy) |
| Author | Thomas Morrison |
| Type | |
Abstract
“ In July 2012, FireEye in cooperation with other security organisations, such as Spamhaus, took down the Grum botnet. At that time Grum was the third largest spam-sending botnet. The event gained considerable media attention.
Spamhaus worked on the takedown of the botnet by contacting the responsible ISPs that were hosting the botnet controllers. These controllers (also known as command & control servers) were being used by the botnet herder to control the botnet and coordinate the spam campaigns. After the command and control infrastructure of the Grum botnet had been shut down, the cybercriminals tried to re-establish their spam operation by setting up new botnet controllers. Fortunately, FireEye informed Spamhaus without any delay so that we could help shut down the new controllers quickly as well.
Since the takedowns Spamhaus has continued to monitor the Grum botnet, which at present consists of only 150 to 500 active (spam sending) IP addresses per day. Hence, one month later we can consider the Grum botnet dead.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1097,
editor = {Spamhaus},
author = {Thomas Morrison},
title = {Spam botnets: The fall of Grum and the rise of Festi},
date = {16},
month = Aug,
year = {2012},
howpublished = {\url{http://www.spamhaus.org/news/article/685/}},
}