Grum Botnet Coming Back Slowly

Wednesday, March 27, 2013 @ 12:03 PM gHale

Back in July the command and control (C&C) servers utilized by Grum, a spam botnet that was the world’s third largest at the time, ended up shut down by Spamhaus, FireEye and CERT-GIB.

Just a few short months later, FireEye researchers found that the botnet's masters had started reinstating its C&C servers. At the time, since there were only a couple of new servers, no major spam-related activity was coming out of them.


Now, however, researchers from Trustwave's SpiderLabs have found that the volume of spam sent by Grum is steadily increasing.

So far, the spam volume is small compared to what it had been before the takedown, but it’s a clear sign that Grum is making a comeback. Grum’s main payload is to send out pharmaceutical spam.

“Perhaps bot herders behind Grum botnet are slowly rebuilding it again,” said Rodel Mendrez of SpiderLabs. “We’ve been involved in helping various botnet takedowns before, but most of the time, the effect is temporary. It seems this botnet is deeply rooted, that you couldn’t take it down by its branch and fruit, but by its roots.”
