Image via Flickr
Thanks to some ambitious, enterprising and dare-we-say fearless geeks, the Internet will be a little bit cleaner from now on. On Wednesday, a global team of computer security experts (read: defenders of freedom) took down Grum, the world’s third largest botnet.
Grum was no small fish. The network of cybercriminals is thought to have been responsible for 18 percent of the world’s spam. That’s 18 billion messages a day full of unique opportunities like great deals on Viagra or the chance to help out a kind-sounding Nigerian businessman who’s down on his luck, and that massive cache of malicious emails also includes those riddled with debilitating viruses or phishing scams set up to steal your passwords and credit card numbers.
Destroying Grum was not an easy task. A botnet sort of resembles a hydra, where a command-and-control servers act as the monster’s multiple heads and the millions of infected computers as its destructive body. When one of these command-and-control servers is taken out, two more seem to pop up in its place. The only way to really kill the beast is to cut off all the heads and let the body wither away. In other words, take out the command-and-control servers, and the zombies that they controlled won’t know what to do.
This is basically what happened to Grum. With the help of the excellently-named British nonprofit Spamhaus, the security company FireEye spent months tracking down Grum’s command-and-control servers before it launched its counterattack earlier this week.
FireEye took out two servers in the Netherlands before going after the main ones in Panama and Russia, but almost immediately, the bot herders hustled to set up a new nerve center in Ukraine. It took them a day to organize, but by Wednesday morning, FireEye and its allies had taken down the six new Ukraine servers and the original Russian server. And Grum won’t be coming back for a while.
“They’d have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again,” Atif Mushtaq, a computer security specialist at FireEye, told The New York Times. “They’d have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server.”
If the cybercriminals try to get Grum going again, it will be folks like FireEye and Spamhaus that put a stop to it. Law enforcement agencies, it turns out, either can’t or won’t deal with spammers and hackers. Or at least they haven’t historically; for example, it was a group of cybersecurity experts in San Francisco, not cops, that took out the Kelihos.b spambot earlier this year.
Microsoft is also impressively active in fighting back against spam. They took out the botnet Waledac in 2010 — though it was back up and spamming a week later — and last year scored a big victory in knocking out Zeus, a botnet that stole people’s identities and credit card information. Microsoft also played a key role earlier this year in bringing down Rustock, the behemoth that was once responsible for 47 percent of the world’s spam. With this latest spambot takedown, we can only assume that these cybersecurity experts will continue to serve as the Internet’s neighborhood watch team.
Ultimately, it’s good that we have these proactive geeks protecting us against hackers and spambots, because government agencies seem ultimately incapable of rising to the task. This week, British authorities finally gave up in their attempt to find the hacker responsible for leaking from the University of East Anglia’s climate change research institute. (You remember: the leak that was supposed to prove that scientists didn’t really believe in climate change.) Stateside, the Pentagon has admitted that it’s no good at cybersecurity, thought it’s pledged to double down on its efforts to catch up. And we can take the rash of hacks from groups like Anonymous and LulzSec last year as proof that police can’t prevent these crimes from happening.
For now, the battle between cybersecurity warriors and the spambots will carry on behind the scenes, and the little victories like the death of Grum will be celebrated in the press. And meanwhile, your personal information will be a little safer, and your inbox will be a little less cluttered. Oh, and just for future reference, if you really want a good deal on Viagra, go to Canada.
- Badoo is an Enigma Wrapped in a Puzzle Wrapped in Spam
- Internet Martial Law: What Obama Might Have To Do In Case of Cyberwar
- “Chat Logs From The Internet’s 24-Year-Old “King of Spam”":http://motherboard.vice.com/2011/12/7/chat-logs-from-the-internet-s-24-year-old-king-of-spam