Entries filed under 'Grum'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.


    Grum—New segment came and gone

    By Atif Mushtaq
    Back in July, with the help of Spamhaus and CERT-GIB, FireEye took down Grum, one of the world's largest spam botnets. The whole shutdown operation was like a roller coaster ride and is explained in my previous blog posts here and here. Apart from an unsuccessful recovery attempt made by the bot herders a few days after the takedown, we never noticed any movement from the opposite side. Apparently the Grum guys Read more...


    Grum Recap

    By Atif Mushtaq
    For a quick recap, here is a list of Grum CnCs. Some of these IPs were mentioned in my previous posts (1, 2, and 3), but I would like to summarize everything in one table. Based on the data from the last 30 days, below are the Grum CnC IPs along with their ISP information.

    IP               ISP/Colo          Status
    190.123.46.91    Panamaserver      Dead
    195.190.13.150   SteepHost DC-UA   Dead

    Read more...


    Grum CnCs—Just a few more to go

    By Atif Mushtaq
    This post was updated on July 17, 2012, at 3:15 PM. Last week, I wrote an article covering various aspects of a large spam botnet named Grum. This article mainly covered the current command and control (CnC) coordinates of this botnet. The intention behind this article was not only to share this information for general awareness, but also to invite the research community to come forward to take down this spam Read more...


    Killing the Beast - Part 5

    By Atif Mushtaq
    Back in 2009, I started writing a series of articles called "Killing the Beast." These articles were primarily focused on the command and control (CnC) coordinates of popular spam botnets. These articles not only provided readers greater visibility into these spam botnets, but also served as the basis for two botnet takedowns. So far, four articles under this series have been published. After a long time, I have decided to write the Read more...


    NOC4HOSTS and the Grum Botnet

    By Alex Lanstein
    Update: As of 12/08, Jay from HiVelocity took the necessary steps to get these Command and Control servers shut down. The FE research team thanks him and his team profusely for their efforts. Individual verification of customers is nearly impossible for a facility of their size, so we appreciate any efforts they can make after the fact. We'd also like to thank Ross Thomas from SophosLabs and Phil Hay from Marshal TRACE for Read more...