Thursday, 19 July 2012

Security Experts bring down 3rd Largest Botnet

There you are, in Naboo’s capital city, hopelessly outnumbered and surrounded by battle droids. All hope seems lost. But then, abruptly, the droids stop moving. Resistance forces have destroyed the control ship guiding the droid army’s movements – rendering the battle droids disabled. The planet is finally at peace.

Yeah, that pretty much happened yesterday.

Security experts at FireEye brought down the massive Grum botnet yesterday. Grum was responsible for about 18 billion spam messages per day, and world spam levels are expected to drop by about 18% in the wake of the shutdown.

Grum operated primarily out of servers in Panama and the Netherlands. But when those main servers were shut down on Tuesday, the “bot herders” immediately set up new servers in Russia and Ukraine. FireEye promptly began working with Russian and Ukrainian ISPs and successfully brought down the new servers as well.

Experts at FireEye say that restarting the botnet won’t be as simple as building new servers.

"It's not about creating a new server. They'd have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again," Atif Mushtaq, a computer security specialist at FireEye, told the Times. "They'd have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server." [NY Times]
