
World’s Third Largest Spam Botnet Taken Down

Ever wonder where all the spam flooding your inbox and spam folder is coming from? The answer lies in hundreds of thousands, if not millions, of infected computers around the world. This network of computers hosts malware that turns infected machines into sources of this electronic deluge of unsolicited commercial email. Today’s viruses and worms allow spammers to install a backdoor on susceptible computers, making them ready senders of spam to other machines around the globe. Security experts last year estimated that about 7 trillion spam messages were generated in 2011 alone.

While fighting spammers is an uphill battle for governments and Internet Service Providers, which normally bear the cost of adding extra capacity to cope with the ever-increasing bandwidth demands of their customers, there have been a few successful takedowns that significantly affected the flow of spam messages around the world.

This week, computer experts managed to shut down the world’s third largest botnet, which sent about 18 billion spam emails per day.

Known to experts and authorities as the Grum botnet, this command-and-control infrastructure, responsible for 18% of the world’s spam email, was taken down in Panama and the Netherlands last Tuesday, although the brains behind the operation were able to set up new servers somewhere in Russia the same day. The report was published by the New York Times on July 18, 2012. The servers in Russia were also taken down the following morning, after the UK-based spam tracking service Spamhaus and the California-based security company FireEye managed to trace the new spam emails.

The online community has been actively engaging the operators of botnets, the term for networks of infected machines sending these spam messages, ever since email became popular. Big companies like Microsoft have been at the forefront of the effort, using any available legal means to cripple the command-and-control systems of botnet operators. Earlier this year, Microsoft helped U.S. authorities raid botnet servers in Illinois and Pennsylvania. The servers in question were harvesting personal information such as bank account statements, credit card numbers, and other personal data from infected machines.

In 2011, the Rustock botnet was taken down, allowing for a significant decrease in spam around the world. According to Symantec, Rustock was responsible for producing one-third of the world’s spam volume during its heyday, translating to 44 billion messages per day. It was considered the biggest spam botnet last year.

Experts are confident that the hit on Grum will cripple the operation entirely, forcing its architects to start from scratch. The takedown targeted the master server, which was responsible for the central operation of the botnet.

Although takedowns like this tend to get easy publicity, the real challenge is to prevent the architects of spam from rising again. When Microsoft brought down Waledac in 2010, a new, modified version of the botnet was up and running again in no time. The same was true of the blocking of Kelihos.b: a modified botnet started infecting computers within a week of the takedown.