Third Largest Spam Botnet Shut Down by Researchers

July 19, 2012 Updated: April 3, 2013

A gigantic spam botnet—a large network of compromised computers controlled by a third party, usually to distribute large quantities of spam and malware—was taken down, which experts say will greatly reduce the amount of junk email sent out.

The so-called Grum botnet “has finally been knocked down” after three days of work, wrote Atif Mushtaq, who works for the California-based security company FireEye, in a blog post. “All the known command and control servers are dead, leaving their zombies orphaned,” he added.

Mushtaq said taking the botnet down required a joint effort from his firm, spam-tracking company Spamhaus, and local Internet service providers.

Shutting down the botnet sends a message to all spammers, he noted.

“Stop sending us spam. We don’t need your cheap Viagra or fake Rolex. Do something else, work in a subway or McDonalds, or sell hotdogs, but don’t send us spam,” he wrote.

Mushtaq said earlier this week the command and control servers were shut down in the Netherlands and Panama, before the operation moved to six new servers in Ukraine.

“Ukraine has been a safe haven for bot herders in the past and shutting down any servers there has never been easy,” he said. But as of Wednesday, those Ukrainian servers had been shut down, and it was done by the upstream provider of the servers “at our request.”

In the operation, as many as 120,000 infected computers known as zombies were sending out spam each day. After the recent crackdown, only around 21,505 computers were still affected. “I hope that once the spam templates expire, the rest of the spam will fade away as well,” he added.

According to The New York Times, the Grum botnet was the third largest in the world and was responsible for 18 percent of all spam sent out. In the past week alone, Grum accounted for 35 percent of spam, the Trustwave website reported.