Success in the fight against botnets

A botnet is a network of zombie computers infected with malware. The hackers’ aim in taking remote control of all these PCs is to carry out various illicit activities without the owners’ knowledge. Successful botnet dismantling operations reinforce the global fight against spam.

Hackers remotely control the botnet from a central server. The actions they can carry out include mass spamming, reading users’ personal data, executing and modifying programs, launching targeted attacks against a server, and so on. Hackers use the HTTP protocol to link all the infected computers together.

The Waledac botnet distributes almost 1.5 billion spam messages worldwide every day. Created in 2008, it was able to infect several hundred thousand PCs in just two years. According to a computer security company, this botnet specializes in sending massive amounts of spam. Although Microsoft announced the decommissioning of the Waledac botnet during the first quarter of 2010, experts did not record any decrease in spam during this period.

Rustock was a botnet of nearly a million zombie computers. In its four years of existence, it generated around 47% of the world’s spam, i.e. several million spam messages sent to users every day. At the end of the first quarter of 2011, Microsoft announced its final demise. This freed users who had been under Rustock’s thumb for several years.

Taking down this malware required an operation called “b107”. It brought together a number of entities, including academics, industry partners and the relevant authorities. Several investigations were carried out in various countries, including a raid on 5 hosting companies based in the USA. Microsoft hopes that the seized hard drives will lead experts to a list of computers infected by the Rustock malware. Its disappearance reduced the number of spam messages registered worldwide for some time.

Towards the end of July 2012, a company specializing in IT security announced the destruction of the Grum botnet. This network of zombie PCs generated almost 18% of the world’s spam during its 4 years of existence. The hackers had set up their servers in 4 countries: Russia, the Netherlands, Ukraine and Panama. Several entities from these nations contributed to its dismantling.

The operation began by shutting down the CnC servers of the Grum botnet based in the Netherlands. Although a few infected computers had already been removed, the rest could only be stopped once the servers in Panama and Russia were neutralized. This vast operation paralyzed almost 80% of the Grum botnet.

As reported in our article, this fight is bearing fruit…
