Roughly 18 percent of global spam was cut down as security experts blocked Grum botnet's command and control servers in the Netherlands and Panama on Tuesday. Shortly after the two servers were blocked, Grum's architects quickly set up seven new command and control centers in Russia and Ukraine.
The takedown ended successfully on Wednesday morning as a direct result of a successful collaboration between FireEye, a security company based in Milpitas, and its security counterparts in Russia. Internet service providers were notified to shut down the servers hosting the botnet, leaving infected computers without servers to connect to.
The same security experts say Grum's creators will have a hard time reestablishing the command and control servers, as the botnet was specifically coded to connect to a master server that has been taken down.
"It's not about creating a new server. They'd have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again," said Atif Mushtaq, a computer security specialist at FireEye. "They'd have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server."
The spam botnet was believed to be the third largest. Because infected computers can no longer connect to a master server, it's unlikely this version of the botnet will surface any time soon.