Dutch authorities get Grum botnet offline – update

The Netherlands has taken two command-and-control servers of the Grum botnet offline. Grum servers in Panama and Russia are still operational. At the beginning of this year, the botnet was responsible for 33 percent of all spam.

The Grum botnet is said to have been active since 2008 through servers in the Netherlands, Panama and Russia. The Dutch authorities have now taken a number of servers offline, which, according to security company FireEye, has dealt the botnet a ‘big blow’.

The IP addresses of the servers are probably registered in the name of the Dutch hoster Ecatel. Ecatel confirms that the IP addresses do indeed belong to the hosting company, but says that in mid-July it decided ‘on its own initiative’ to null-route the botnet's IP addresses. Ecatel has repeatedly been associated with lax enforcement against malicious clients. For example, in 2010 the U.S. government blocked various sites hosted at Ecatel because of copyright infringement. HostExploit, an open-source organization that fights internet abuse, called the Dutch hoster ‘cybercrime-friendly’.

“It’s not a complete victory. The servers in Panama and Russia are still very much alive,” said Atif Mushtaq of FireEye. There is also said to be a risk that the owner will try to revive the botnet with a global update. The servers taken down in the Netherlands were so-called secondary servers, in charge of spam-related activities. The more important master servers are located in Panama and Russia. The spammers use the master systems to manage the botnet.

Mushtaq said last week that “the Dutch authorities have historically been reluctant to respond to reports of abuse”. This time, when asked, he thanks the Dutch authorities for their quick response. The High Tech Crime Unit was not available to answer questions from Tweakers.net about the takedown of the botnet servers.

Update, 18 July 2012: added Ecatel's response regarding the null-routing.