Bot herders try to resurrect Grum, fail
Posted on 24 July 2012.
Bookmark and Share
As you have probably already heard, the Grum botnet - formerly the third largest in the world - has been effectively shut down last week after several security researchers managed to coordinate the takedown of its last-standing C&C servers in Ukraine and Russia.


Expectedly, the botnet's herders have not sat idly by while their livelihood was threatened, and they mounted a last-ditch attempt at regaining control of at least one segment of the botnet.

"In the absence of any built-in fallback mechanisms, the bot herders used another fallback mechanism that is called money," FireEye's Atif Mushtaq reported yesterday.

"Over the weekend we found that the Ukrainian ISP SteepHost removed the null route on three CnCs that were taken down last week. We suspect the bot herders must have paid a large amount of money in order to get access to these servers."

The move resulted in a short burst of spam sent by the botnet, but any further action was quickly thwarted by security researchers who contacted SteepHost and negotiated once more the shutdown of the servers in question.

The ISP says that the servers were back online due to break-ins and security related issues. Still, they were effectively threatened with the possibility of getting de-peered off the Internet by their upstream provider or of getting their subnet blacklisted if something like this happens again.






Spotlight

How cybercriminals profit from money laundering through gambling sites

Posted on 24 April 2014.  |  A new report identifies the proliferation of online casinos, an industry set to grow nearly 30% over the next three years, and how their use is fueling cybercrime.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //