Entries filed under 'Spam'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.


    Grum Recap

    By Atif Mushtaq
    For a quick recap, here is a list of Grum CnCs. Some of these IPs were mentioned in my previous posts (1, 2, and 3), but I would like to summarize everything in one table. Based on the data from the last 30 days, below are the Grum CnC IPs along with their ISP information.

    IP                ISP/Colo            Status
    190.123.46.91     Panamaserver        Dead
    195.190.13.150    SteepHost DC-UA     Dead

    Read more...


    Grum, World's Third-Largest Botnet, Knocked Down

    By Atif Mushtaq
    I am glad to announce that, after three days of effort, the Grum botnet has finally been knocked down. All the known command and control (CnC) servers are dead, leaving their zombies orphaned. How it all happened is a long story, but I would like to summarize it for you. The state of the Grum botnet has changed since we last talked (see previous posts here and here for a look back). On July 16, I reported Read more...


    Grum CnCs—Just a few more to go

    By Atif Mushtaq
    This post was updated on July 17, 2012, at 3:15 PM. Last week, I wrote an article covering various aspects of a large spam botnet named Grum. This article mainly covered the current command and control (CnC) coordinates of this botnet. The intention behind this article was not only to share this information for a general awareness, but also to invite the research community to come forward to take down this spam Read more...


    Silent Rustock

    By Atif Mushtaq
    There has been a significant observed drop in worldwide spam levels during the last month or so. M86 attributes it to Rustock, the world's largest spam botnet, suddenly having stopped sending spam for unknown reasons. McAfee has expressed a different point of view: according to them, the steep drop in spam levels is due to recent attempts to shut down Pushdo.D, another well-known spam botnet. It's clear that spam levels are dropping, so Read more...


    Cimbot - A Technical Analysis

    By Julia Wolf
    Personal Exposition

    I was recently sent a .pcap file of a bot's C&C communications. Every 182 seconds, the bot would download a GIF file from vazasaki-ji.info (91.211.65.180 as of Mar 11, 2009). These GIF files however are not well-formed — that is to say, it's a GIF89a header, followed by a lot of random gibberish. At last! Something interesting and clever (this will make a good blog post). I've been wondering why it took so long for the bot authors Read more...