Spam email botnet

The Grum botnet, also known by its alias Tedroo and Reddyb, was a botnet mostly involved in sending pharmaceutical spam e-mails. Once the world's largest botnet, Grum can be traced back to as early as 2008. At the time of its shutdown in July 2012, Grum was reportedly the world's third largest botnet, responsible for 18% of worldwide spam traffic.

Grum relies on two types of control servers for its operation. One type is used to push configuration updates to the infected computers, and the other is used to tell the botnet what spam emails to send.

In July 2010, the Grum botnet consisted of an estimated 560,000–840,000 computers infected with the Grum rootkit. The botnet alone delivered about 39.9 billion spam messages in March 2010, equating to approximately 26% of the total global spam volume, temporarily making it the world's then-largest botnet. Late in 2010, the botnet seemed to be growing, as its output increased by roughly 51% in comparison to its output in 2009 and early 2010.

It used a panel written in PHP to control the botnet.

Botnet takedown

In July 2012, a malware intelligence company published an analysis of the botnet's command and control servers located in the Netherlands, Panama, and Russia. It was later reported that the Dutch Colo/ISP soon after seized two secondary servers responsible for sending spam instructions after their existence was made public. Within one day, the Panamanian ISP hosting one of Grum's primary servers followed suit and shut down their server. The cybercriminals behind Grum quickly responded by sending instructions through six newly established servers in Ukraine. FireEye connected with Spamhaus, CERT-GIB, and an anonymous researcher to shut down the remaining six C&C servers, officially knocking down the botnet.

Grum botnet zombie clean-up

There was a sinkhole running on some of the former IP addresses of the Grumbot C&C servers. A feed from the sinkhole was processed via both Shadowserver and Abusix to inform the Point of Contact at an ISP that has infected IP addresses. ISPs are asked to contact their customers about the infections to have the malware cleaned up. Shadowserver.org will inform the users of their service once per day and Abusix sends out an X-ARF (extended version of Abuse Reporting Format) report every hour.

See also

Botnet
Malware
E-mail spam
Internet crime
Internet security
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.