
Another one bites the dust

We all hate spam and are familiar with the irritation it causes. For every legitimate e-mail many of us receive, there are several spam e-mails to go along with it. Stopping spam on the Internet seems like a never-ending battle, and in some respects it is. However, security firms and other corporations have recently had success taking down the sources of spam.
 
Much of the spam we're hit with each day comes from botnets: networks of infected computers that are used to send out enormous volumes of spam e-mail every day. This week security researchers announced that the world's third-largest spam-generating botnet, Grum, has been taken down. Researchers claim it was responsible for 1/5 of the world's spam e-mail.
 
The servers that operated the botnet were based in Russia, Panama, and the Netherlands and were estimated to control 100,000 infected "zombie" PCs, or bots. According to researchers, Grum was ranked as the third-largest network behind the Cutwail and Lethic spam botnets.
 
Grum didn't go down without a fight, however. In response to servers being shut down in Panama, the people behind the botnet set up six new command-and-control (CnC) servers for the bot PCs on Tuesday. The researchers had succeeded in getting the ISP hosting the Panamanian CnC servers to pull the plug, which happened after Dutch authorities shut down two Grum CnC servers in the Netherlands.
 
"FireEye, working with Russian CERT-GIB and Spamhaus, found each of these new CnC servers, took a heavy-handed approach in working with Russian ISPs and domain registrars, and took them down as of 11am PT this morning, signaling the full shut down of the botnet," a FireEye spokesperson said.
 
The six new CnC servers were later taken off-line, and as of July 18 at 11 AM PST the network was dead. Spamhaus says that on average there were 120,000 Grum IP addresses sending spam each day; after the takedown that number had been reduced to 21,505. The hope is that once the spam templates on these machines expire, the remaining spam will fade.
 
FireEye added, "We should not take 120,000 IP addresses as the size of the Grum botnet. 120,000 IP addresses constituted only the zombies actively sending spam. In many corporate and ISP environments, outgoing email traffic is blocked by default so a big portion of the Grum botnet never sends any spam, but the bot herders use them for hosting their promotional websites."

Sources: PCMag, FireEye




I don't hate spam.
By Mitch101 on 7/19/12, Rating: 0
RE: I don't hate spam.
By Motoman on 7/19/2012 10:22:42 AM , Rating: 5
...what you described does nothing to stop spam, it just hides it from you, personally.

Spam still takes up the vast majority of all email processing, internet-wide, whether you see it or not. Spam has to be killed at the source, like this, in order to make a difference.


RE: I don't hate spam.
By Mitch101 on 7/19/2012 11:14:13 AM , Rating: 1
True - I've been a messaging engineer forever; there are too many small businesses out there where you will never be able to turn on any features that would prevent a lot of spam, because you would block legitimate email. Even then, you can work around those settings. Luckily, corporate spam filtering comes with a budget to get rid of most spam, unlike home-use POP3 on something like Roadrunner, which has little to no spam filtering configured.

On my home config I can choose to have it never arrive, but about every other month I have to add a new domain or someone's new e-mail address to my list. This is my home account on POP, which is 99% of people's home setup. I used to have my own home server set up, but that's a waste of electricity having it run around the clock, and if my ISP changes my IP address, even though I've automated that through my router... While I have access to filtering/block lists through work, it's just easier specifying who can send to me.

The reality is it's not cluttering up my inbox, which is the frustrating part of spam, and that is what most people desire out of e-mail.


RE: I don't hate spam.
By amanojaku on 7/19/2012 10:26:01 AM , Rating: 2
I hate spam, because it puts a load on servers and networks, and oftentimes compromises security. The servers are sending spam when they shouldn't, which uses CPU, RAM, and disk. Security had to be circumvented to get the spam bot on there in the first place. And spam oftentimes accounts for double-digit increases in network utilization.

The receiver now has to filter everything, which means more CPU, RAM and disk. If it's public hosting (Gmail, Hotmail, Yahoo, etc...) you probably won't be affected, but the load on a corporate laptop pulling down 1,000+ emails on start up (no joke) is crazy.

As a former admin, engineer, and architect, I can tell you that spam degrades the performance of servers, desktops, routers, switches, firewalls, load balancers, SANs, and anything else they touch. The end result is money lost handling someone else's data.


RE: I don't hate spam.
By Mitch101 on 7/19/2012 11:21:13 AM , Rating: 4
You need better admins, budget, equipment, and third-party spam prevention to stop most of your spam at the perimeter before it enters your network. If you're dealing with this in your environment, one of the above is the problem.

No security should be circumvented in the process. I would recommend having headers stripped to prevent anyone from knowing what products you use, because some like to advertise themselves in the header, and strip out server names as well; no one needs to know this except you. You can always reference your server logs for timestamps if someone is questioning mail delays.


RE: I don't hate spam.
By Ammohunt on 7/19/2012 2:12:17 PM , Rating: 4
Very true. Having built edge mail systems for more than one company, I can tell you the savings in bandwidth alone is immense. One company I worked for was forwarding all email from the edge to an internal anti-spam server, using up gigs of bandwidth daily, some 300k messages, mostly spam. The systems I designed and built reduced the amount of messages passing the edge servers by 97% using just greylisting; later it was reduced further to 99% using RBLs, anti-virus/phishing and a custom Directory Harvest attack macro, all using FOSS solutions (exim, mysql, clamav).


RE: I don't hate spam.
By dgingerich on 7/19/2012 11:19:17 AM , Rating: 3
quote:
Still the reason there is spam I hate to say it is because it works.


It only works on stupid people. Unfortunately, there are many stupid people in this world.


RE: I don't hate spam.
By Mitch101 on 7/19/2012 11:21:39 AM , Rating: 2
True, you can't fix stupid.


RE: I don't hate spam.
By MadMan007 on 7/19/2012 3:13:44 PM , Rating: 2
By Beenthere on 7/19/2012 4:30:31 PM , Rating: 2
Hanging them by their thumbs or other attachments for a few months would be a good start at reducing their digital misdeed.




By Solandri on 7/19/2012 5:55:44 PM , Rating: 5
Naw, just put a copy of all the spam they sent on a PC. Their sentence can be to sit in a jail cell until the speech recognition program verifies that they've read aloud all of the spam they've ever sent.


By inperfectdarkness on 7/21/2012 5:08:43 AM , Rating: 2
+6


What?
By eckre on 7/19/2012 10:17:11 AM , Rating: 2
What's spam?

Signed,

Gmail user.




RE: What?
By Motoman on 7/19/2012 10:23:26 AM , Rating: 1
World's most ironic post, considering the vast amounts of spam that come from gmail accounts.


RE: What?
By Natch on 7/19/2012 10:57:18 AM , Rating: 2
I would, however, say that Gmail's spam detector works much better than Yahoo's. Not too often that a spam e-mail makes it through to my Gmail inbox.

I do get a kick out of the spam e-mails you get, which are all Chinese characters. I've never bothered copying & pasting them into a Babelfish translator, but I'd imagine it's just promising the same old things....bigger weiners, and more money!


RE: What?
By Mitch101 on 7/19/2012 11:24:30 AM , Rating: 2
If you download into Outlook, you should check out the block encoding lists option. That will allow you to block out international mail in character sets/languages you don't read.


What about the #1 & #2 botnets?
By vortmax2 on 7/19/2012 12:09:21 PM , Rating: 2
Are authorities going after those as well or is it not that simple?




RE: What about the #1 & #2 botnets?
By Jaybus on 7/19/2012 3:03:05 PM , Rating: 2
Probably, but it isn't simple. They are spread out over numerous nations. It's not easy to get the ISPs to cooperate because they are bound by various privacy laws. So it requires at least some government involvement. It is definitely hard to get multiple governments to cooperate with one another.


By Lerianis on 7/21/2012 2:18:10 PM , Rating: 2
Actually, yes, it is. You can require the ISPs to inform the people in question that their PCs are cranking out spam and give them a link to some site or page somewhere that has instructions on how to clean their computers of the botnet infection.


no more lottery winnings??
By KOOLTIME on 7/19/2012 7:12:07 PM , Rating: 2
What the heck are they thinking, shutting down the spammers??

All those foreign-country lottery-winning spams I get, and the millions of dollars promised because I'm always the lucky winner of them... aw, they shut down my road to riches??

(sarcasm) Hope the folks doing that garbage do some jail time. Let them get some prison spam and see if they think screwing innocent folks over was really worth it then.




RE: no more lottery winnings??
By Lerianis on 7/21/2012 2:30:49 PM , Rating: 2
I doubt these people will get any real jail time. Unless you murder someone today, you are unlikely to get any real jail time.... unless you happen to fall under those stupid 'mandatory minimum' times for drug crimes.


Thank god
By masamasa on 7/19/2012 10:47:42 PM , Rating: 2
Someone needs to shoot these spambot fools. I'm tired of junk mail.




This is the one thing
By Argon18 on 7/19/12, Rating: -1
RE: This is the one thing
By andrewaggb on 7/19/2012 2:16:49 PM , Rating: 2
They probably are all Windows machines.

But it's not like other OSes are not susceptible; that's a load of bs.

Pretty much all complex software has security vulnerabilities. Just look around at all the hacks, attacks, password dumps etc in the last couple years. I 100% agree that on the client side/desktop etc that you are much safer from malware running linux or mac os, but on the server side that is absolutely not true.


RE: This is the one thing
By Argon18 on 7/19/12, Rating: -1
RE: This is the one thing
By kmmatney on 7/19/2012 3:15:14 PM , Rating: 2
You're comparing a few Linux and Unix boxes (run by admins) versus several hundred thousand PCs owned by clueless people... You have to give OSX some credit - they don't have nearly this type of problem, despite there being hundreds of thousands of Macs out in the world, mostly owned by non-techies.

