To start with, just in case if you don’t know, botnet is a collection of computers — connected with each other through internet — whose security has been breached and are controlled by anonymous servers.
Such compromised computers are called “bot”, and they are used (or controlled remotely) for various purposes, most popular of which is to send (spam) emails to locally stored contacts.
Grum—that’s what they are calling it—was one such network said to be responsible for sending 20 percent (and 33 percent at one time in 2011) of all spam emails in the world has now been taken down, thanks to the efforts and collaboration initiated by Atif Mushtaq, a Pakistani professional originating from Lahore and now a senior staff scientist at FireEye, a security firm headquartered in San Francisco.
Born in Russia, traces of Grum roots back to 2007 and was primarily developed to inject a Trojan on target computers with ability to replicate the bots and communicate back to server also called Command and Control.
In March 2007 the world started receiving emails from [email protected] with “Download Internet Explorer 7” link in it. Clicking on link would download an exe file to give the control of bot’s hard disk to the command and control servers. Soon there were 120,000 bots connected to the net, which could communicate back to Command and Control.
Grum, which could enhance itself with regular updates coming from command and control servers, soon started sending emails with links to affiliate products. It is said that botnet owner, allegedly a hacker from Russia, made USD 6 million in 2010 only.
Atif Mushtaq was following Grum with all the details and was able to trace a set of IPs that were hosting all command and control servers of Grum. There were over a dozen such servers in Netherlands, Panama and Russia. Atif wrote a series of posts, seeking attention of researchers and experts to take down Grum, which eventually helped him to fetch companions with common interest.
By teaming up with Spamhaus—a company responsible for keeping record of SPAM IP addresses—and contributors from various countries, Atif was able to eliminate all Grum servers. Grum originator, of course, tried to setup more (fallback) servers in Russia and Ukraine but they were taken down too.
Botnets will keep evolving no doubt, but without Grum the world will see 20 percent lesser SPAM. Also this instance shows that botnet servers residing in countries like Ukraine, China and Russia can also be taken down. A hope for a better spam-free world, in which business spends over USD 40 billion per year on anti-spam technologies.