How a botnet works:
1. A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application: the bot.
2. The bot on the infected PC logs into a particular command and control (C&C) server (often an IRC server, but in some cases a web server).
3. A spammer purchases access to the botnet from the operator.
4. The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers.
(Photo credit: Wikipedia)
Grum: Inside The Takedown Of One Of The World’s Biggest Spam Networks
Grum sent over a quarter of the world’s spam and was one of the most ingenious botnets ever created. But, with savvy, a lot of luck, and cooperative ISPs, the Grum botnet dried up and died last month.
... Like a biological virus primed to thrive in a certain type of medium, the Grum virus was susceptible to defeat if someone knocked out each of those CnC IP addresses.
... Like Microsoft or Apple pushing out OS patches, the Grum makers were upgrading their virus regularly, adding new features and fixing problems.
... The Grum botnet was one of the most robust and powerful in the world.
... the system worked without peer and slowly began spamming the world, mostly with poorly worded pharmaceutical emails.
... – for half a decade.
... Spamming isn’t very lucrative.
... most major spammers hover at around $150 million in a good year. In the bell curve of spammers, however, most end up on the side of making very little.
... set up in 2006 by someone who walked into a WebMoney office in Moscow and presented a Russian passport #4505016266. The name on the passport was a 26-year-old named Nikolai Alekseevich Kostogryz.
... Around the world, sysadmins were watching the Grum takedown with interest. In Moscow, a response team from Group ID was at the ready to begin taking down the Russian and Ukrainian servers. Van Straten volunteered to assist in contacting various authorities.
... 5 years, 3 months, and 17 days after the first emails began spewing out of the Grum botnet, the last server was dead.
... The Internet got just a bit quieter
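The caption above describes the spam-bot sequence (a check-in to a C&C server, often over IRC, followed by direct SMTP to many mail servers), and the article notes that the botnet depended on a fixed set of CnC IP addresses. The following is an added example, not code from the article, from Wikipedia, or from the Grum takedown: a small Python detector that runs over constructed outbound flow records and flags hosts that contact a listed C&C address, that use IRC ports toward an unlisted address, or that fan out SMTP to an unusual number of mail servers. The flow records, the C&C list (`KNOWN_CNC_IPS`, drawn from documentation address ranges), the relay allowlist and the threshold are all assumptions made for the example; real Grum addresses are not used.

```python
"""Flag hosts whose outbound traffic matches the spam-bot pattern in the caption:
a check-in to a command-and-control (C&C) server, then direct SMTP to many
mail servers. Constructed example; not code from the article or from Grum."""
from collections import defaultdict

# Ports an IRC-style C&C channel commonly uses (plain and TLS IRC).
IRC_PORTS = {6667, 6697}
SMTP_PORT = 25

# Constructed C&C address list (documentation range), standing in for the
# list of CnC IPs that a takedown or blocklist would carry. Not Grum's real IPs.
KNOWN_CNC_IPS = {"198.51.100.7"}

# Hosts that legitimately talk to many mail servers (an outbound relay); constructed.
MAIL_RELAY_ALLOWLIST = {"mx-out-1"}

# Constructed flow records: (timestamp, source host, destination IP, destination port).
SAMPLE_FLOWS = [
    ("2012-07-18T10:00:01", "ws-017", "198.51.100.7", 6667),   # check-in to a listed C&C
    ("2012-07-18T10:00:05", "ws-017", "203.0.113.10", 25),     # then SMTP to many servers
    ("2012-07-18T10:00:06", "ws-017", "203.0.113.11", 25),
    ("2012-07-18T10:00:07", "ws-017", "203.0.113.12", 25),
    ("2012-07-18T10:00:08", "ws-017", "203.0.113.13", 25),
    ("2012-07-18T10:00:09", "ws-017", "203.0.113.14", 25),
    ("2012-07-18T10:00:30", "ws-023", "198.51.100.99", 6697),  # IRC to an unlisted address
    ("2012-07-18T10:01:00", "ws-042", "203.0.113.50", 443),    # ordinary HTTPS
    ("2012-07-18T10:01:03", "ws-042", "192.0.2.9", 25),        # one SMTP submission is normal
    ("2012-07-18T10:02:00", "mx-out-1", "203.0.113.20", 25),   # the relay's fan-out is expected
    ("2012-07-18T10:02:01", "mx-out-1", "203.0.113.21", 25),
    ("2012-07-18T10:02:02", "mx-out-1", "203.0.113.22", 25),
    ("2012-07-18T10:02:03", "mx-out-1", "203.0.113.23", 25),
    ("2012-07-18T10:02:04", "mx-out-1", "203.0.113.24", 25),
]


def analyze(flows, cnc_ips=KNOWN_CNC_IPS, relay_allowlist=MAIL_RELAY_ALLOWLIST,
            smtp_fanout_threshold=5):
    """Return {host: [reasons]} for hosts showing one or more bot indicators.

    Indicators:
      cnc_contact  - connected to an address on the C&C list (any port)
      irc_port     - connected to an IRC port, whatever the address (catches unlisted C&C)
      smtp_fanout  - opened SMTP to >= threshold distinct mail servers and is not a relay
    """
    cnc_hits = defaultdict(set)
    irc_hits = defaultdict(set)
    smtp_dsts = defaultdict(set)
    for _ts, host, dst_ip, dst_port in flows:
        if dst_ip in cnc_ips:
            cnc_hits[host].add(dst_ip)
        if dst_port in IRC_PORTS:
            irc_hits[host].add(dst_ip)
        if dst_port == SMTP_PORT:
            smtp_dsts[host].add(dst_ip)

    findings = defaultdict(list)
    for host, ips in cnc_hits.items():
        findings[host].append(f"cnc_contact:{','.join(sorted(ips))}")
    for host, ips in irc_hits.items():
        findings[host].append(f"irc_port:{','.join(sorted(ips))}")
    for host, dsts in smtp_dsts.items():
        if host not in relay_allowlist and len(dsts) >= smtp_fanout_threshold:
            findings[host].append(f"smtp_fanout:{len(dsts)}")
    return dict(findings)


def spam_bot_candidates(findings):
    """Hosts that both checked in with C&C (listed address or IRC port) and fanned out
    SMTP: the full sequence the caption describes, stronger than either sign alone."""
    out = []
    for host, reasons in findings.items():
        tags = {r.split(":", 1)[0] for r in reasons}
        if "smtp_fanout" in tags and tags & {"cnc_contact", "irc_port"}:
            out.append(host)
    return sorted(out)


if __name__ == "__main__":
    report = analyze(SAMPLE_FLOWS)
    for host in sorted(report):
        print(host, report[host])
    print("spam-bot candidates:", spam_bot_candidates(report))
```

The two-signal rule in `spam_bot_candidates` is the useful part: a lone IRC connection or a burst of SMTP has benign explanations (a chat client, a mail relay), but a workstation that does both in sequence matches the caption's bot behaviour closely. The `KNOWN_CNC_IPS` match is the cheapest check and is why a takedown that removes every C&C address, as the article describes, also makes the traffic easy to spot and block while the list is still current.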