back to article Mega spam-spewing Grum botnet finally KO'd

Security researchers have dealt a knockout blow to Grum, one of the most prolific spam-distribution botnets. Command-and-control servers in the Netherlands were taken out on Monday, but that still left zombie control nodes in Russia and Panama up and running. According to security researchers, pressure was applied on a …


This topic is closed for new posts.
  1. Richard Jennings

    Ever since Dubya, we've had to put up with this ...

    "that's been something of a safe haven"

    Is that as opposed to an unsafe haven ?

    1. Figgus

      Holy CRAP I didn't know Dubya had a TARDIS...

      ... because he would need one to be the creator of that phrase.

      Set the Wayback machine for the twelfth century, Sherman.

      1. Richard Jennings

        Re: Holy CRAP I didn't know Dubya had a TARDIS...

        No TARDIS needed

        The speech is perhaps best remembered for this remark. "[W]e will pursue nations that provide aid or safe haven to terrorism," said Bush. "Every nation in every region now has a decision to make: Either you are with us or you are with the terrorists."

  2. irrelevant
    Thumb Up


    I hope it's this lot that's been sending spam with a /from/ address of one of my emails for the last year or so... Month-to-date alone I've had around 1,300 "Undeliverable" messages land in my mailbox... god knows how many more got through, but it's enough to actually cost /me/ money, due to the sheer volume of DNS lookups it creates bumping me off the free DNS tariff I was using. I am well p***ed off with it.

    1. Gordon Fecyk

      Sender ID / Open SPF / whatever?

      I hope it's this lot that's been sending spam with a /from/ address of one of my emails for the last year or so...

      Isn't this what the various accountability protocols were supposed to address?

      (I call them 'accountability' protocols because this is what I had in mind when I worked in the LMAP working group back in 2004. But some refuseniks who valued anonymity at the expense of civility killed it. At least, this is what I believe. That and somehow Microsoft's involvement made it A Bad Thing To Be Avoided No Matter How Much Good It Could Do. Or some other such BS.)

      1. Allan George Dyer

        Re: Sender ID / Open SPF / whatever?

        Yep, I get those damn bounces too. If only the recipient servers checked my SPF record.

        Also, if the recipient server checked it was deliverable (and acceptable) before responding 250 OK at the end of the DATA phase, they could tell the real sender (or tarpit them) instead of sending a useless rejection message to me.

    2. Tom 35

      Re: Volume...

      I had that happen but I was receiving 600 per minute and had to delete that email address. It was like a DDOS attack as my mail server was crawling. Even just bouncing them was slowing down the server.

      Lucky it was just an address I created to receive some mailing lists I subscribe to so not a big deal to change.

      1. Captain Scarlet Silver badge

        Re: Volume...

        Don't bounce them, black hole them!!!

  3. Shannon Jacobs

    Live and let spam is NOT a solution

    I still have some trouble understanding how the so-called safe havens exist. The Internet is predicated upon cooperation. You refuse to cooperate in shutting down your spammers, why should I cooperate with you in such little things as accepting ANY of your email or allowing anyone to access any websites hosted in your network? It doesn't really matter if "you" is a nation, a corporation, or even a real person running a minor Web server. If you aren't willing to cooperate, you should be frozen out. Start with a few cold toes, but the other side should keep Mr Freeze's phone number handy...

    Anyway, the current new annoying spam-scam of the day involves Yahoo's calendar, apparently via the German subsidiary of Yahoo. This one really screws with the filters, but that's fine with the spammers. After all, live and let spam has become part of the spammers' business model. When you think your marginal cost is effectively zero, there's no problem with another million spam messages. One more sucker? Divide by zero and the RoI still looks like infinity, and the marginal cost to all the other suckers is certainly not bothering the spammer's nap time.

    I'll bounce a possible answer at you on the theory that you might have some personal friends and influence at Yahoo, possibly even including this Marissa Mayer person. I really would like to see Yahoo survive. Nothing personal about Yahoo, but just as a matter of giving us more meaningful freedom and for the sake of increasing the value of the Internet for all of us.

    In the case of Yahoo, I think their focal point and the locus of any recovery has to be their email system. What is the #1 problem with email? SPAM. The spammers divide-by-zero economic models must be thoroughly broken. That's not to suggest that the spammers can ever become decent human beings. You don't have to be a sociopath to be a major businessman in America, but it is an absolute requirement to be a spammer. I'm just saying that we can and should push the spammers under less visible rocks, and the best way to do that is to make spamming much less profitable.

    What I suggest is that Yahoo should integrate a REAL anti-spam system into their email system. Something like SpamCop, but on steroids. If you're familiar with SpamCop, you know that it does an automatic parse of the spam and asks for confirmation before sending complaints to the spammers' ISPs and webhosts. What I'm suggesting is several rounds of analysis and increasingly refined confirmations and targeting that would route complaints to ALL parts of the spammers' infrastructure, pursue and harass ALL of the spammers' accomplices, and help and protect ALL of the spammers' victims. Of course the webforms should always have "other" options for the spammers' new attempts, like this new calendar scam. The email system can give recognition for effective spam fighting--I just want to be a spam fighter first class. (I don't want to criticize SpamCop, but the truth is that they lost their fire after Cisco acquired them... I feel like they are no longer improving, but barely surviving.)

    Let's remember that there are a LOT of people who hate spam and only a tiny number of idiots that send money to the spammers. If it is made easier for the large number of people to fight spam, then a few of them will join in, and that will immediately make it MUCH harder for the spammers to reach their suckers. Also remember that the spammers cannot obfuscate the parts of the spam that have to be understood by human beings.

    Good luck, Mr. Phelps. If you fail to save Yahoo, the secretary will disavow any knowledge of your actions. If you succeed, the secretary would appreciate a tip of the hat in hopes of getting some leverage on other projects...

    1. Ed_UK
      Big Brother

      Re: Live and let spam is NOT a solution (Yahoo rant)

      "I really would like to see Yahoo survive."

      I don't like Yahoo because of their attitude to spammers. Their fine AUP and their (lack of) action do not correlate.

      Back when they had a working abuse@ address, reporting a spammer who was offering an dropbox always got a rubber-stamp reply of "The spam didn't come from our system therefore not our problem."

      Then, I had to point out that if they had bothered to read the reported spam, they would see that the spammer was using an account FOR REPLIES. It was always hard to get any kind of response from a human.

      Then, Yahoo abolished the abuse@ account, and make us fill out a web-form. Spam reports disappeared into a black hole.

      Now, if you try to follow their links to "Report abuse/spam" there is just the advice to "Click the Spam Button."

      Well, I've been using Thunderbird for my email for many years and I have yet to find this Spam button.

      Yahoo do not want to be contacted. They have shut all the doors and windows to ensure that they do not hear about the Nigerian banker who wants to share his millions with me, just for replying to Stuff 'em.

  4. Anonymous Coward
    Anonymous Coward

    String them up

    Then cut them off.

  5. General Pance

    For the last few years I've been getting around 60 messages per day from one bot network. All the domains are registered by Moniker and Enom; they must register at least 100 a day.

    Rarely watches and Viagra, this one does stuff like Raspberry Ketone, travel deals, loan advances and discount coupons. About ten different themes, spread across multiple slight variations. Every day without fail they come in around the time the USA gets out of bed.

    Surely whoever's behind this insanity understands that this isn't marketing it's an attack that will take down an email address. But the same emails keep coming. Day after day after day.

This topic is closed for new posts.

Other stories you might like