Grum’s last servers were taken offline in Russia on Wednesday, effectively killing the botnet, which has no fallback mechanism, said Atif Mushtaq, a researcher at FireEye’s security lab, which collaborated with the Russian Computer Security Incident Response Team and the Spamhaus Project in battling Grum.
At its height, Grum was the world’s largest spam botnet, though it had fallen to No. 3 since January. Before the takedown, the botnet’s 120,000 malware-infected, active computers were spewing 18 billion spam emails a day, or roughly a third of the world’s spam, said Trustwave.
The impact of Grum’s collapse went beyond the spambot. Stopping Grum caused a slowdown in the world’s largest spam botnet, Lethic, Mushtaq said Thursday. “Due to this [international] community reaction, Lethic has gone underground for a while.”
With Grum down and Lethic quiet, the total amount of the world’s spam has been cut in half, at least temporarily, said Mushtaq.
Aside from the numbers, the spam-fighters’ success is expected to have a chilling effect on Russian and Ukrainian spam operations, which can no longer assume that the countries’ weak laws offer a safe haven.
The Grum operation was carried out without any involvement by law enforcement, showing that security researchers working together can also be effective in fighting botnets, which, besides sending spam, are used in denial-of-service attacks against websites.
Grum’s death leaves tens of thousands of inactive, malware-infected computers.