Entries filed under 'Spam'

Threat Research Blog

FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.


    Grum—The Money Factor

    By Atif Mushtaq
    As expected, the operators behind Grum are trying their best to reclaim their botnet. In the absence of any built-in fallback mechanisms, the bot herders used another fallback mechanism that is called money. Over the weekend we found that the Ukrainian ISP SteepHost removed the null route on three CnCs that were taken down last week. We suspect the bot herders must have paid a large amount of money in order to Read more...


    Grum Recap

    By Atif Mushtaq
    For a quick recap, here is a list of Grum CnCs. Some of these IPs were mentioned in my previous posts (1, 2, and 3), but I would like to summarize everything in one table. Based on the data from the last 30 days, below are the Grum CnC IPs along with their ISP information.

    IP              ISP/Colo         Status
    190.123.46.91   Panamaserver     Dead
    195.190.13.150  SteepHost DC-UA  Dead

    Read more...
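    The CnC list above is most useful as a detection feed: once the CnCs are dead, infected hosts do not stop, they keep trying to reach the old coordinates, and those attempts are the quickest way to find the zombies left on a network. The following script is an added example and is not code from the FireEye post. Only the two CnC rows (IP, ISP/colo, status) are taken from the table; the firewall log format, the internal addresses and the log lines themselves are constructed for illustration.

```python
"""Find internal hosts that still attempt to contact Grum CnC IPs.

Added example, not part of the original post. The two CnC entries come
from the recap table; the log format and sample lines below are constructed.
"""
import ipaddress
from collections import defaultdict

# CnC rows from the recap table: IP -> (ISP/colo, status at time of writing)
GRUM_CNC = {
    "190.123.46.91": ("Panamaserver", "Dead"),
    "195.190.13.150": ("SteepHost DC-UA", "Dead"),
}

# Constructed firewall log (not a real capture): "timestamp src dst dport action"
SAMPLE_LOG = """\
2012-07-18T09:12:01Z 10.1.4.23 190.123.46.91 80 DROP
2012-07-18T09:12:05Z 10.1.4.23 190.123.46.91 80 DROP
2012-07-18T09:13:40Z 10.1.7.8 198.51.100.7 443 ALLOW
2012-07-18T09:15:22Z 10.1.9.77 195.190.13.150 443 DROP
2012-07-18T09:15:59Z 10.1.9.77 195.190.13.150 443 DROP
2012-07-18T09:16:03Z 10.1.9.77 195.190.13.150 443 DROP
garbage line that should be skipped
"""


def parse_line(line):
    """Return (ts, src, dst, dport, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        ipaddress.ip_address(src)      # reject anything that is not an IP literal
        ipaddress.ip_address(dst)
        dport = int(dport)
    except ValueError:
        return None
    return ts, src, dst, dport, action


def find_beaconing_hosts(log_text, cnc=GRUM_CNC):
    """Map each source IP to {cnc_ip: attempt_count} for every contact attempt.

    The action column is deliberately ignored: a DROPped attempt is still
    evidence that the source host is infected.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _ts, src, dst, _dport, _action = rec
        if dst in cnc:
            hits[src][dst] += 1
    return {src: dict(targets) for src, targets in hits.items()}


def report(hits, cnc=GRUM_CNC):
    """Render one line per (host, CnC) pair, annotated with the table's ISP/status."""
    lines = []
    for src, targets in sorted(hits.items()):
        for dst, count in sorted(targets.items()):
            isp, status = cnc[dst]
            lines.append(f"{src} -> {dst} ({isp}, CnC {status}) x{count}")
    return lines


if __name__ == "__main__":
    for line in report(find_beaconing_hosts(SAMPLE_LOG)):
        print(line)
```

    The status column is a snapshot, not a safety flag: the "Money Factor" post above records SteepHost removing the null route on CnCs that had been taken down, so a contact attempt is treated as a detection whether the CnC is currently listed as dead or not.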


    Grum, World's Third-Largest Botnet, Knocked Down

    By Atif Mushtaq
    I am glad to announce that, after three days of effort, the Grum botnet has finally been knocked down. All the known command and control (CnC) servers are dead, leaving their zombies orphaned. How it all happened is a long story, but I would like to summarize it for you. The state of the Grum botnet has changed since we last talked (see previous posts here and here for a look back). On July 16, I reported Read more...


    Grum CnCs—Just a few more to go

    By Atif Mushtaq
    This post was updated on July 17, 2012, at 3:15 PM. Last week, I wrote an article covering various aspects of a large spam botnet named Grum. This article mainly covered the current command and control (CnC) coordinates of this botnet. The intention behind this article was not only to share this information for a general awareness, but also to invite the research community to come forward to take down this spam Read more...


    Silent Rustock

    By Atif Mushtaq
    There has been a significant observed drop in worldwide spam levels during the last month or so. M86 thinks it's because Rustock, the world's largest spam botnet, suddenly stopped sending spam for unknown reasons. McAfee has expressed a different point of view. According to them, the steep drop in spam levels is due to recent attempts to shut down Pushdo.D, another famous spam botnet. It's clear that spam levels are dropping, so Read more...