World’s No. 3 spam botnet gasps dying breath after tense takedown | Ars Technica

Security researchers said they dismantled the world's No. 3 spam botnet after convincing the companies that hosted its command and control servers to pull the plug on the operation.

Atif Mushtaq, senior staff scientist at security firm FireEye, said in a blog post that the botnet known as Grum drew its last dying breath on Wednesday, after six servers in Ukraine and one in Russia were shut down. In a tense faceoff with whitehats, the botnet operators had deployed those servers following the disconnection earlier this week of separate servers in the Netherlands and Panama. Faced with the threat of losing a 100,000-computer network that generated an estimated 18 billion spam messages a day, the Grum operators were desperately trying to transition to those machines when they stopped working.

"Grum's takedown resulted from the efforts of many individuals," Mushtaq wrote. "This collaboration is sending a strong message to all the spammers: 'Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don't send us spam.'"

Responsible for about 18 percent of the world's junk messages, Grum was ranked as the No. 3 source of spam.

FireEye has been instrumental in the takedown of other menacing botnets, including Srizbi, Rustock, Cutwail, and Ozdok. Microsoft, Kaspersky, and others have also participated in the eradication of botnets, sometimes using novel legal tactics to prevent the operators from regrouping.

Botnet operators have long viewed Russia and Ukraine as safe havens for their illegal activities, so Wednesday's takedown is seen as something of a coup.