After calling out to the security community in an effort to stop the activities of Grum, the world’s third largest spam botnet, FireEye researchers have announced the first victory. Dutch authorities have taken down two of the command and control (C&C) servers used by Grum.
“These two CnC servers were responsible for pumping spam instructions to their zombies. With these two servers offline, the spam template inside Grum's memory will soon time out and the zombies will try to fetch new instructions but will not be able to find them,” FireEye’s Atif Mushtaq wrote.
“Ideally this should stop these bots from sending more spam. I am sure the absence of the spam sent by the world's third largest spam botnet will have a significant impact on the global volume.”
However, this is not the end of Grum. The main C&C servers, located in Russia and Panama, are still active, and pulling the plug on them does not appear to be an easy task.
The ISPs whose networks house these two servers have been contacted and presented with evidence of the malicious activity, but so far they have refused to take any action.
Unfortunately, the cybercriminals can use these two master C&Cs to recover their botnet by pushing a worldwide update to the infected machines. FireEye researchers are continuously monitoring the situation, and so far there have not been any attempts to recover the botnet.
The ideal scenario would be one in which the Russian and Panamanian authorities cooperated, as the Dutch authorities did.
In the meantime, security firms are also tackling ZeuS botnets and their masters. Not long ago, Microsoft added the names of two individuals to the complaint filed against the operators of the recently disrupted botnet.