Grum Botnet Unable to Revive Yet Again
Grum, the world's third-largest spam-sending botnet, was dismantled in July 2012 through the combined efforts of FireEye, Spamhaus and the Group-IB Computer Security Incident Response Team (CERT-GIB). Nevertheless, during the third week of September 2012, Grum's bot-controllers set up a few fresh C&C (command-and-control) servers in an attempt to revive the botnet, softpedia.com reported on September 18, 2012.
Elaborating on this new development, FireEye security researcher Atif Mushtaq wrote that over the weekend Thomas Morrison of Spamhaus informed him of a fresh command-and-control server set up for Grum. This server, at IP address 22.214.171.124, was based in Turkey. Mushtaq subsequently located one more active C&C server, at IP address 126.96.36.199. Fortunately, both servers are now offline, which has destabilized the newest segment of Grum, Mushtaq writes. Blog.fireeye.com published this on September 17, 2012.
Surprisingly, Grum's newest portion did not use the short period it stayed online to carry out any large-scale e-mail delivery. A likely explanation is that the bot-masters were rebuilding the network while trying to keep it out of sight.
Mushtaq further notes that his organization has been monitoring Grum from the beginning, so it was naive of the bot-controllers to assume that nobody would notice their activities. The investment they just made proved ineffective, costing them real money and time, Mushtaq adds, as reported by softpedia.com.
Meanwhile, having spent months or even years amassing infected PCs for their bot-networks and carefully selecting IP addresses for the related C&C servers, the Grum bot-herders evidently do not want to abandon their infrastructure despite the focused attention law enforcement is paying to Grum's new activities. The same pattern has been seen with many other botnets in recent years and will likely continue, particularly because it is so easy for attackers to establish fresh C&C servers, whether on legitimate networks that have been compromised or at bulletproof ISPs. Consequently, it remains for the security community to see whether the bot-masters make any further attempts, FireEye concludes.
SPAMfighter News - 27-09-2012