According to CNN and a couple of other sites this week, 50% of the world’s spam has disappeared from the face of our little green and blue ball of dirt, thanks to the takedown of yet another botnet, this time a nasty little fella named Grum.
According to CNN, Atif Mushtaq, a senior scientist at security firm FireEye, the company responsible for taking Grum offline, stated that:
“about 50% of the worldwide spam is gone.”
Now, before you celebrate by logging out of Facebook and donning your water wings – stop. As sexy a number as 50% is, unfortunately it appears to be wrong.
Most reports put the number at a more realistic, less sexy-sounding 17% or so, suggesting that CNN must have employed NASA scientists who falsely assumed that the time difference between California (where FireEye is located) and Atlanta (where CNN is located) means that percentages are subject to some sort of metric-to-U.S. conversion. It leads to a whole debate on getting one’s facts straight and taking a deep breath before hitting the ‘publish’ button, but that’s a debate for another day.
The fact remains that FireEye did take Grum’s C&C servers offline this week. According to articles not subject to NASA scientists and sensationalist reporting, Grum was the world’s third-largest spam botnet, responsible for about 17% of the spammy goodness invading your Inbox each day. It was a little dicey at first, according to FireEye, when servers that were shut down in Panama and Russia were quickly replaced by new servers in the Netherlands and Ukraine. Along with Spamhaus, the Russian computer security incident response team CERT-GIB, and an anonymous researcher known only as Nova7, FireEye was able to convince the affected ISPs (and in the case of Russia, an upstream provider) to null route the C&C servers’ IP addresses, and voila! No more Grum, for now, anyway: the infected machines are still out there, they just have nothing left to take orders from.
The shutdown represents the unceremonious end of a botnet that had been skulking around since 2008, an unusually long time for a botnet. As recently as earlier this year, Grum was responsible for about a third of the world’s spam, according to Mushtaq. But at the time of the takedown, Grum was reported to be shoveling 17.4% of the Internet’s crap:
“making it the world’s third most active spam botnet after Cutwail and Lethic,” Mushtaq wrote. He highlights some of the high points and low points of Grum and the difficulties encountered in taking it down, for example, employing the assistance of countries like Russia, Panama, and the Netherlands, where “authorities historically have been reluctant when dealing with abuse notifications.”
Ultimately, Mushtaq doesn’t regard Grum’s shuttering as much of a challenge.
“If I were to rank Grum’s takedown difficulty level from one to five where five is the most difficult, I would give Grum a two,” he stated.
He goes on to wax poetic about a spam free world, perhaps in a moment better suited for a beauty pageant:
“Can we dream of a junk-free mailbox? In my opinion, taking down the top three spam botnets—Lethic, Cutwail, and Grum—is enough for a rapid and permanent decline in worldwide spam level.”
Nice thought. Maybe he’ll get the Miss Congeniality prize.
Now it’s time for you to weigh in. Are you seeing dramatic drops in spam volumes?