Worldwide Spam Drops After Grum Takedown

By: Absolute Team | 7/20/2012

One of the world's largest botnets, the Grum botnet, was recently taken down, reducing worldwide spam by up to 50%… but for how long?

The Grum botnet originated in 2008 and was responsible for sending 18 billion emails a day, mostly pharmaceutical spam, from an average of 120,000 infected computers a day. The botnet accounted for anywhere between 15-17% of worldwide spam when it was taken down on July 19, 2012. Estimates hold the Grum botnet responsible for up to 25% of worldwide spam just last week; the figures vary.

In July, FireEye published an analysis of the botnet's command and control (CnC) servers in the Netherlands, Panama, and Russia. After just 3 days of coordinated international effort by Internet Service Providers (ISPs) and security firms, the botnet was taken down (read FireEye's report of events here; it's an interesting read on how the botnet tried to redirect and recover).

As a result of this botnet takedown, one of the other major botnet players (Lethic) has temporarily curtailed its activity, dropping worldwide spam by about 50%. Historically, spam reductions have been temporary, with McAfee estimating we'll start seeing an uptick again in 6 weeks. In the meantime, enjoy a cleaner Inbox!

