Spam Slayers Shut Down Massive Botnet: Levels of Junk E-mail Drop Dramatically

Security researchers have brought down one of the world’s largest botnets, ensuring a massive drop in pharmaceutical spam for inboxes everywhere.

Grum, the world’s third-largest botnet, was responsible for 18 percent of all spam, or 18 billion spam messages per day, the New York Times reports. Last week alone, Grum accounted for 35 percent of total spam, according to Trustwave.

But it all came crashing down this week, when researchers pressured providers of Internet service and bandwidth to cut off the botnet’s servers. Grum suffered a major blow early in the week, when command and control servers in the Netherlands were taken down. In a blog post Wednesday, FireEye researcher Atif Mushtaq wrote that the remaining servers in Panama, Ukraine and Russia were taken offline as well.

The news is significant because bot herders have viewed those countries as safety zones. “When the appropriate channels are used, even ISPs within Russia and Ukraine can be pressured to end their cooperation with bot herders,” Mushtaq wrote. “There are no longer any safe havens.”

Researchers have already seen a payoff: Only 21,505 Grum IP addresses are sending spam now, compared with 120,000 IP addresses before the takedown. Mushaq believes the rest of the spam will dissipate as templates expire. (Grum’s reach was likely larger than 120,000 IP addresses, but infected computers in corporate environments may be blocked from sending spam e-mails.)

Grum isn’t the only source of bogus Viagra spam in your inbox. Cutwail and Lethic are often just as prolific in sending e-mail spam, or more so. But with the takedown of Grum, Mushtaq believes researchers have sent a strong message to spammers, and have proven that they’ll have a harder time staying untouchable.

“Keep dreaming of a junk-free inbox,” he wrote. Or, use an e-mail service with a good spam filter.

Follow Jared on Twitter, Facebook or Google+ for even more tech news and commentary.