
Quiet since July 17th: takedown of Grum botnet



Many more links via http://www.sciencenewsdaily.org/internet-n...uster182523408/

Interesting, if the "third largest" botnet being shut down has such a marked effect. But (A) it is supposed the spammers/most spammers hire botnet capacity to do their sending, implying their distribution lists are intact and they just move to the second largest or the fourth largest next to continue. But (B) the last time a big botnet got taken down some (even most) members reported a huge and lasting reduction in their spam. I would be plumping for option (B) :D .


Hi, all!

Well, I'm not sure which column I'm in, but I had been getting no more than one or two spams a day, until yesterday afternoon, at least. :(

Whichever botnet it was that was taken down, it, or a replacement, is up and running again. :(

For a period of about 12 hours from about 4:00pm yesterday afternoon, to about 4:00am this morning, (Sydney, Australia UTC+10:00), I received about 160 spams, and all except two or three of them were for fake meds.

That's an average of about 13 spams per hour, but during some one-hour periods, the actual number received was about 25 - 30 in certain periods.

It seems to have stopped for the moment, but I expect another big run to start later this afternoon.

That is what happened a few weeks ago, when SpamCop reporting was experiencing big problems, which, fortunately, seem to have been fixed. :)

I expect this run to last about 3 days, as it did last time.

Has anyone else experienced this?

Reporting was quick and efficient, no delays from SpamCop, which is good for me, because the spams are all in a Gmail account, so I have to report each one individually, which takes quite a bit of time.

Also, I noticed that the vast majority of the spams contained links which SpamCop was unable to resolve. They are the same website names as the run of a couple of weeks ago, but with two differences: they are in a different TLD, and the domain name was prefixed in each one by some kind of gibberish, a weird, apparently random mixture of upper and lower case characters.

I'm wondering what this means. Perhaps they are some kind of code which would let the spammer know which email address was visiting the website. Any ideas?

Of the domains which were able to be resolved, none had a reporting address, and, as with the originating address of a large number of the spams, the reports were all sent to nomaster[at]devnull[dot]spamcop[dot]net.

I reckon at least 75% of the spams in this latest run were unreportable, either as to the originating addresses or the spamvertised domains.

It never ends, does it? :(



This topic is now archived and is closed to further replies.
