The Grum botnet, also known by its alias Tedroo and Reddyb, was a botnet mostly involved in sending pharmaceutical spam e-mails.[1] Once the world's largest botnet, Grum can be traced back to as early as 2008.[2] At the time of its shutdown in July 2012, Grum was reportedly the world's third largest botnet,[3] responsible for 18% of worldwide spam traffic.[4][5]
Grum relies on two types of control servers for its operation. One type is used to push configuration updates to the infected computers, and the other is used to tell the botnet what spam emails to send.[6]
In July 2010, the Grum botnet consisted of an estimated 560,000–840,000 computers infected with the Grum rootkit.[7][8] The botnet alone delivered about 39.9 billion[9] spam messages in March 2010, equating to approximately 26% of the total global spam volume, temporarily making it the world's then-largest botnet.[10][11] Late in 2010, the botnet seemed to be growing, as its output increased roughly by 51% in comparison to its output in 2009 and early 2010.[12][13]
It used a panel written in PHP to control the botnet.[14]
^Atif Mushtaq (2012-07-09). "Killing the Beast - Part 5". FireEye. Retrieved 2012-07-11.
^Mushtaq, Atif (2012-07-18). "Grum, World's Third-Largest Botnet, Knocked Down | FireEye Blog". Fireeye.com. Archived from the original on 2014-01-17. Retrieved 2014-01-09.
^"Huge spam botnet Grum is taken out by security researchers". BBC News. 19 July 2012.
^"Researchers Say They Took Down World's Third-Largest Botnet". New York Times. 2012-07-18. Retrieved 2012-07-18.
^"One of the world's largest spam botnets still alive after suffering significant blow". IDG. 2012-07-17. Archived from the original on 2018-11-30. Retrieved 2012-07-17.
^"Research: Small DIY botnets prevalent in enterprise networks". ZDNet. Retrieved 2010-07-30.
^"MessageLabs Blog - Evaluating Botnet Capacity". Messagelabs.com.sg. Archived from the original on April 18, 2013. Retrieved 2010-07-30.
^"Which Botnet Is Worst? Report Offers New Perspective On Spam Growth - botnets/Security". DarkReading. 30 September 2009. Retrieved 2010-07-30.
^"Grum and Rustock botnets drive spam to new levels". Securecomputing.net.au. 2010-03-02. Archived from the original on 2010-12-07. Retrieved 2010-07-30.
^Whitney, Lance (2010-03-02). "Botnets cause surge in February spam | Security - CNET News". News.cnet.com. Retrieved 2010-07-30.
^James Wray and Ulf Stabe (2010-03-01). "Spam volumes surge thanks Grum and Rustock botnets - Security". Thetechherald.com. Archived from the original on 2010-07-21. Retrieved 2010-07-30.
^"MessageLabs: Botnets a threat to email marketing - Email Marketing". BizReport. 2009-09-30. Retrieved 2010-07-30.
^Brian Krebs (2012-08-20). "Inside the Grum botnet".
The Grumbotnet, also known by its alias Tedroo and Reddyb, was a botnet mostly involved in sending pharmaceutical spam e-mails. Once the world's largest...
A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS)...
Washington. In July 2012, FireEye was involved in the analysis of the Grumbotnet's command and control servers located in the Netherlands, Panama, and...
widely documented that the Emotet authors have used the malware to create a botnet of infected computers to which they sell access in an Infrastructure-as-a-Service...