
Grum botnet


The Grum botnet, also known by its aliases Tedroo and Reddyb, was a botnet mostly involved in sending pharmaceutical spam e-mails. Once the world's largest botnet, Grum can be traced back to as early as 2008. At the time of its shutdown in July 2012, Grum was reportedly the world's third largest botnet, responsible for 18% of worldwide spam traffic.

Grum relies on two types of control servers for its operation. One type is used to push configuration updates to the infected computers, and the other is used to tell the botnet what spam emails to send.

In July 2010, the Grum botnet consisted of an estimated 560,000–840,000 computers infected with the Grum rootkit.

The botnet alone delivered about 39.9 billion spam messages in March 2010, equating to approximately 26% of the total global spam volume, temporarily making it the world's then-largest botnet. Late in 2010, the botnet seemed to be growing, as its output increased by roughly 51% in comparison to its output in 2009 and early 2010.

It used a panel written in PHP to control the botnet.

Botnet takedown

In July 2012, a malware intelligence company published an analysis of the botnet's command and control servers located in the Netherlands, Panama, and Russia. It was later reported that the Dutch Colo/ISP soon after seized two secondary servers responsible for sending spam instructions after their existence was made public. Within one day, the Panamanian ISP hosting one of Grum's primary servers followed suit and shut down their server. The cybercriminals behind Grum quickly responded by sending instructions through six newly established servers in Ukraine. FireEye connected with Spamhaus, CERT-GIB, and an anonymous researcher to shut down the remaining six C&C servers, officially knocking down the botnet.

Grum botnet zombie clean-up

There was a sinkhole running on some of the former IP addresses of the Grumbot C&C servers. A feed from the sinkhole was processed via both Shadowserver and abusix to inform the Point of Contact at an ISP that has an infected IP address. ISPs are asked to contact their customers about the infections to have the malware cleaned up. Shadowserver.org will inform the users of their service once per day, and Abusix sends out an X-ARF (extended version of the Abuse Reporting Format) report every hour.

See also

Botnet
Malware
E-mail spam
Internet crime
Internet security


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.