MILPITAS, CA — (Marketwire) — 07/20/12 — FireEye®, Inc., the leader in stopping advanced targeted attacks, announced that it has , in a collaborative effort with CERT-GB, SpamHaus, local Internet Service Providers (ISPs), and others in the community. Responsible for roughly 18 billion spam messages each day, which experts estimate to be 18 to 35 percent of global spam, the four-year-old Grum botnet included a network of hundreds of thousands of infected computers. Spam volume from another major botnet, Lethic, also plunged overnight as the operators of that botnet may have gone underground. Since the takedown on Wednesday, worldwide spam levels have reached a new low.
The FireEye-led takedown began last Monday when FireEye researchers the globally distributed servers controlling the hundreds of thousands of infected computers. By Tuesday, working with a Dutch ISP, the Grum botnet-s command and control (CnC) servers based in the Netherlands were . Then, the collaborative effort began as FireEye worked with others in the community to pursue and take down the servers located in Panama and Russia. Throughout Tuesday evening and Wednesday, the cybercriminals responded by building a half dozen new CnC servers in Ukraine to salvage the remainder of the Grum botnet. Working with Russian and Ukranian ISPs and others in the community, the FireEye team, led by senior staff scientist Atif Mushtaq, orchestrated the shutdown of the remaining CnC servers on Wednesday, signaling the botnet-s ultimate demise.
“As the leading company focused on stopping advanced cyber attacks, FireEye is uniquely positioned to garner deep insight into some of the world-s most prolific and widespread attacks,” said Ashar Aziz, FireEye founder, CEO, and CTO. “We have an important responsibility to act swiftly and responsibly to shut down malicious operations whenever we can. The Grum botnet is just one instance of this activity. We will continue to lead collaborative efforts to help rid the world of organized cybercrime.”
“Because of how the malware was written for Grum, when the master servers were killed, the infected machines could no longer send spam or communicate with a new server,” said Mushtaq. “Botnet herders would have to start from scratch and infect hundreds of thousands of new machines to get something like Grum started again.”
The Grum botnet is the fourth global botnet takedown in which FireEye has been heavily involved in the last four years. Led by the FireEye research team and leveraging the and proprietary signature-less analysis technology, the company has also played a key role in taking down the Rustock, Ozdok/Mega-D, and Srizbi botnets since 2008.
For more information about the FireEye-led takedown of the Grum botnet, visit .
FireEye is the that use advanced malware, zero-day exploits, and APT tactics. The FireEye solutions supplement traditional and next-generation firewalls, IPS, anti-virus, and gateways, which cannot stop advanced threats, leaving security holes in networks. FireEye offers the industry-s only solution that detects and blocks attacks across both Web and email threat vectors as well as latent malware resident on file shares. It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats. Based in Milpitas, California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest Venture Partners, and Juniper Networks.
FireEye is a trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.
FireEye
Lisa Matichak
+1.408.321.6300
LEWIS Pulse
Katherine Nellums
+1.415.432.2451
You must be logged in to post a comment Login