Experts from Trustwave’s Spider Labs have been monitoring Grum

Mar 25, 2013 22:31 GMT

In July 2012, we learned that Spamhaus, FireEye and CERT-GIB managed to shut down the command and control (C&C) servers utilized by Grum, a spam botnet that was the world’s third largest at the time. 

A couple of months later, FireEye experts reported that the botnet’s masters started reinstating its C&C servers. At the time, since there were only a couple of new servers, no major spam-related activities were identified.

However, now, researchers from Trustwave’s Spider Labs reveal that the volume of spam from Grum is constantly increasing.

So far, the spam volume is small compared to what it had been before the takedown, but it’s a clear sign that Grum is making a comeback. It's also worth noting that Grum is still used for pharmaceutical spam.

“Perhaps bot herders behind the Grum botnet are slowly rebuilding it again. We’ve been involved in helping various botnet takedowns before, but most of the time, the effect is temporary. It seems this botnet is deeply rooted, that you couldn't take it down by its branch and fruit, but by its roots,” Rodel Mendrez of SpiderLabs explained.