World's 3rd biggest botnet now offline, security company says

Discussion in 'Technology Advice' started by Micawber, Jul 19, 2012.

  1. Micawber

    Micawber Renowned Lifetime Member

    Internet users can now expect a significant drop in spam messages as the world's third largest botnet has been knocked offline, a security firm said.

    FireEye Malware Intelligence Lab said the botnet, dubbed "Grum," was finally brought down after three days of concerted effort.

    "According to data coming from Spamhaus, on average, they used to see around 120,000 Grum IP addresses sending spam each day, but after the takedown, this number has reduced to 21,505. I hope that once the spam templates expire, the rest of the spam will fade away as well," it said in a blog post.

    All the known command and control (CnC) servers are dead, leaving their zombies orphaned, it added.

    It said the botnet had servers in Panama that were shut down following pressure on its Internet service provider (ISP) from the community.

    Panama was one of the major segments of the botnet along with Russia, it noted.

    However, it said the bot herders moved quickly and started redirecting to new secondary servers in Ukraine.

    "Ukraine has been a safe haven for bot herders in the past and shutting down any servers there has never been easy," it said.

    But FireEye contacted Spamhaus, CERT-GIB, and an anonymous researcher who passed on the information to their contacts in Ukraine and Russia.

    "As a result of this overnight operation, all six new servers in Ukraine and the original Russian server were dead as of July 18, at 11:00 AM PST," it said.

    On the other hand, it said the primary server located in Russia was not taken down by its ISP, GAZINVESTPROEKT LTD, but their upstream provider null-routed the IP address.

    FireEye also said Grum's takedown stemmed from the efforts of many individuals, which it said sends a strong message to all the spammers.

    Source:-
    http://www.gmanetwork.com/news/stor...gest-botnet-now-offline-security-company-says
  2. oss

    oss Somewhere Staff Member

    Well certainly good news, but I wonder just how many exploits have really been closed down.
  3. Aromulus

    Aromulus The Don Staff Member

    Judging by the stuff I get on the account I used while on the other side.... Not many....:erm:
  4. walesrob

    walesrob Administrator Staff Member

    I use a personal domain for important emails and the Yahoo disposable email address service for most websites/mailing lists, and on my personal domain, I get server logs emailed to me showing server rejections. I've not noticed a big reduction in the last few days in spam. My guess is that there are still many infected (or 'zombie') computers out there still sending out spam via alternative botnets. Apart from that, the recent Yahoo exploit is still causing problems - I'm getting email from Yahoo.com email addresses, but it's not getting correctly filtered as they seem to be genuine according to header information, meaning either the Yahoo webmail is easily hackable or there's an exploit somewhere in Yahoo's SMTP servers.

    Apologies to the non-techies if you didn't have a clue what I was talking about there. :oops:
  5. Aromulus

    Aromulus The Don Staff Member

    I am green, I know..... But not that green....:like::D