50% of worldwide spam is gone
Good news for your email inbox: You'll be seeing less
spam in it now, thanks to a global takedown effort that knocked one of the
world's biggest spammers offline this week.
"About 50% of the worldwide spam is gone," says
FireEye senior scientist Atif Mushtaq, who participated in the demolition.
The dramatic decrease is the result of a coordinated
attack by security firms and Internet service providers around the globe that
took down a network of infected computers known as "the Grum botnet."
Grum, one of the world's most prolific spammers, generated around 18 billion
emails a day, by FireEye's estimates.
A botnet is a collective of computers infected with
malware -- typically without the computer owner's knowledge -- and taken over
by an outside attacker. Criminals who gain control of botnets use them for
malicious activities like pumping out massive volumes of spam or launching
denial-of-service attacks on targeted websites. The bigger the botnet, the more
firepower the cybercriminal has at their fingertips.
Grum was an especially vast and nasty spammer. First
detected in early 2008, its malware infected several hundred thousand computers
around the world and churned out huge amounts of pharmaceutical spam
advertising cheap drugs.
At its peak, Grum was the world's most prolific spam
machine, though researchers recently dropped it to the number three spot on
their ever-changing list of the world's largest botnets.
The tale of its demise reads like a high-tech thriller.
The brain of a botnet is what's known as a "command
and control" server. Grum had several of those servers scattered around
the globe in countries including Russia, Panama, and the Netherlands. But it
also had a fatal weakness: The network had no recovery mechanism if all of its
command servers were simultaneously knocked offline.
A Dutch Internet service provider yanked the plug Tuesday
on two of Grum's primary command servers. A Panamanian server went down next,
leaving just one main server -- in Russia -- coordinating the entire Grum
swarm.
But when the botnet's operators realized their network
was under attack, they launched their evasive actions, shifting their traffic
to a fresh set of backup servers in Ukraine.
"Right in front of my eyes, the bot herders started
pointing their botnet to new destinations," Mushtaq wrote in a blog post
about the takedown. "For a moment, I was stunned."
Mushtaq alerted collaborators around the globe,
including a cybersecurity team in Russia that quickly went after the new servers'
Internet providers. Within a few hours, they persuaded key providers to cut the
connection. By 2 p.m. ET on Wednesday, the entire system was dead.
"We are confident that it can't recover,"
Mushtaq told CNNMoney on Thursday morning. "I've been monitoring Grum for
four years. Right from the start we knew that it doesn't have any fallback
mechanism."
Grum was responsible for 35% of the Internet's spam
volume last week, according to monitoring statistics from security firm
Trustwave.
Tracking botnet spam is tricky, and other firms have
different estimates. Spam tracker Spamhaus estimates that 15% to 17% of the
world's spam was coming from Grum as of early this week.
Its demise is having ripple effects. The spam volume from
another major botnet, Lethic, plunged overnight, Mushtaq said. He thinks the
operators of that botnet have "gone underground."
Cumulatively, killing Grum and wounding Lethic has
instantly cut the worldwide spam volume in half, FireEye estimates.
Grum recently averaged 120,000 infected computers a day
generating spam, but immediately after the takedown, that number dropped to
21,505, Spamhaus reported.
On Thursday, Spamhaus's latest data showed zero infected
machines sending messages.
Spam had already declined dramatically in recent years
thanks to coordinated global efforts. Mushtaq thinks the goal of a junk-free
inbox is in reach.
"One last final blow and I think we can make a rapid
and permanent decline in worldwide spam," he said.