Experts take down Grum spam botnet, world's third largest

Botnet was responsible for 18 billion spam messages a day -- about 18 percent of the world's spam -- experts tell The New York Times.

Steven Musil Night Editor / News

Computer-security experts took down the world's third-largest botnet, which they say was responsible for 18 percent of the world's spam.

Command-and-control servers in Panama and the Netherlands that were pumping out up to 18 billion spam messages a day for the Grum botnet were taken down Tuesday, but the botnet's architects set up new servers in Russia later in the day, according to a New York Times report. California-based security firm FireEye and U.K.-based spam-tracking service Spamhaus traced the spam back to the servers in Russia and worked with local ISPs to shut them down; these servers controlled the networks of infected machines that make up a botnet.

The tech community has stepped up its efforts of late to take these botnets offline. Microsoft in particular has been quite active, using court orders to seize command-and-control servers and cripple the operations of the Waledac, Rustock, and Kelihos botnets.

The takedown of the Rustock botnet cut the volume of spam across the world by one-third, Symantec reported in March 2011. At its peak, the notorious botnet was responsible for sending out 44 billion spam messages per day, or more than 47 percent of the world's total output, making it the leading purveyor of spam.

Security experts are confident they have stopped the Grum botnet in its tracks.

"It's not about creating a new server. They'd have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again," Atif Mushtaq, a computer security specialist at FireEye, told the Times. "They'd have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server."