Grum, the world’s third-largest spam botnet, was taken down in July by Spamhaus, FireEye and CERT-GIB. However, last week, the botnet’s masters set up a couple of new command and control (C&C) servers in Turkey.
Both servers were taken offline, and while they were active, researchers didn’t notice any major spam-related activity. According to FireEye experts, this may be an attempt to resurrect Grum.
“Grum has been on our watch list since day one and it is pretty naive on the bot herder's part to think that their actions would go unnoticed. Their new investment went badly, costing them some real time and money,” FireEye’s Atif Mushtaq explained.
It remains to be seen if the bot herders will make such attempts in the future. Considering that they had such a successful business in the past, though, it shouldn’t surprise anyone if they did.