Computer security experts on Wednesday revealed that they had successfully taken down Grum, the world’s third-largest botnet, which was responsible for roughly 18% of global spam, according to The New York Times. According to CNNMoney, that figure could be as high as 50%. The security experts were able to block the botnet’s command and control servers in both the Netherlands and Panama. While the service was successfully shut down, it wasn’t long before Grum’s architects set up seven new command and control centers throughout Russia and Ukraine. The team, however, was able to successfully block those servers, too.
The researchers were able to kill the botnet again by tracing it back to its servers and alerting various Internet service providers. Most botnets are able to come back online within weeks, however the team still counts the shutdown as a massive win.
“It’s not about creating a new server. They’d have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again,” said Atif Mushtaq, a computer security specialist at FireEye. “They’d have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server.”