Monday, May 16, 2022

Grum botnet loses Netherlands-based servers

According to FireEye Research, two Netherlands-based command and control servers were taken offline on July 17.

ISPs in Russia and Panama, however, are still hosting Grum command-and-control servers after Dutch authorities shut down the C&Cs in their country.

Botnets are the target of a growing international effort aimed at their C&C servers. By adopting new technology, botnets are making it more challenging for authorities to track them down. Earlier this year, Microsoft claimed credit for taking down the extensive Zeus and SpyEye botnets, and earlier this month the DNS servers associated with DNSChanger were finally shut down and taken over by the feds.

“With these two servers offline, the spam template inside Grum’s memory will soon time out and the zombies will try to fetch new instructions but will not be able to find them. Ideally this should stop these bots from sending more spam,”

writes FireEye’s Atif Mushtaq. Mushtaq adds that the company believes Grum to be the world’s third-largest spam botnet.

“Using these two live servers, the bot herders might try to recover their botnets by executing a worldwide update. No action has been taken by the bot herders so far. There is complete silence from their side,”

the FireEye blog post continues.
