Is 50% of the World’s Spam Gone?

If the IT world were to conduct a beauty pageant, it’s easy to imagine how it would play out. First, there would be exhaustive and contentious discussions where pageant organizers explained to the male IT people that it wasn’t in the best interest of their fragile egos and computer screen tans to participate. Once the contestants were sorted out, there’d be the talent portion (list port numbers from 1-1024 along with their functions), the swimsuit competition (water wings and goofy goggles are allowed), and then there’d be the portion of the show where the contestants have a chance to state their vision for a safe and happy world. It might go something like this:

“I envision a world where we can scrape together enough money so that every iPhone user, the poor souls, gets an Android device. I see a world where ISP uptime and downtime are actually what’s stated on the contract, with no latency. I also want a world where 50% of the world’s spam is eradicated, and replaced with non-threatening e-mails picturing puppies and the babes of Star Trek.”

That’s a rough approximation of what it might go like, but one of those wishes might have actually come true. Can you guess which one? Of course you can, because you cheated and read the headline of this story. According to CNN and a couple of other sites this week, 50% of the world’s spam has disappeared from the face of our little green and blue ball of dirt, thanks to the takedown of yet another botnet, this time a nasty little fella named Grum.

According to CNN, Atif Mushtaq, a senior scientist at security firm FireEye, the company responsible for taking Grum offline, stated that “about 50% of the worldwide spam is gone.” Now, before you celebrate by logging out of Facebook and donning your water wings, stop. As sexy a number as 50% is, unfortunately it appears to be wrong.

Most reports have the number at a more realistic, less sexy sounding 17% or so, suggesting that CNN must have employed NASA scientists who falsely assumed that the time difference between California (where FireEye is located) and Atlanta (where CNN is located) means that percentages are subject to some sort of Metric to U.S. conversion. It leads to a whole debate on getting one’s facts straight and taking a deep breath before hitting the ‘publish’ button, but that’s a debate for another day.

The fact still remains that FireEye did disable Grum’s C&C servers this week. According to articles not subject to NASA scientists and sensationalist reporting, Grum is the world’s third largest spam network, responsible for about 17% of the spammy goodness invading your Inbox each day. It was a little dicey at first, according to FireEye, when servers that were shut down in Panama and Russia were quickly replaced by new servers in the Netherlands and Ukraine. Along with Spamhaus, the Russian computer security incident response team CERT-GIB, and an anonymous researcher known only as Nova7, FireEye was able to convince the affected ISPs (and in the case of Russia, an upstream provider) to null route the C&C servers’ IP addresses, and voilà! No more Grum, for now, anyway.

The shutdown represents the unceremonious end of a botnet that’s been skulking around since 2008, an unusually long time for a botnet. Earlier this year, Grum was responsible for about a third of the world’s spam, according to Mushtaq. But at the time of the takedown, Grum was reported to be shoveling 17.4% of the Internet’s crap, “making it the world’s third most active spam botnet after Cutwail and Lethic,” Mushtaq wrote. He highlights some of the high points and low points of Grum and the difficulties encountered in taking it down, for example, enlisting the assistance of countries like Russia, Panama, and the Netherlands, where “authorities historically have been reluctant when dealing with abuse notifications.”

Ultimately, Mushtaq doesn’t regard Grum’s shuttering as much of a challenge. “If I were to rank Grum’s takedown difficulty level from one to five where five is the most difficult, I would give Grum a two,” he stated. He goes on to wax poetic about a spam-free world, perhaps in a moment better suited for a beauty pageant. “Can we dream of a junk-free mailbox? In my opinion, taking down the top three spam botnets—Lethic, Cutwail, and Grum—is enough for a rapid and permanent decline in worldwide spam level.” Nice thought. Maybe he’ll get the Miss Congeniality prize.

Now it’s time for you to weigh in. Are you seeing dramatic drops in spam volumes?
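That question is one a mail administrator can answer with numbers instead of a gut feeling. The script below is an added example, not code from the article or from FireEye: it reads a constructed, simplified per-message log (one line per message, "date verdict"), tallies spam and ham per day, and compares mean daily spam volume before and after an assumed takedown date. The log format, the sample lines and the cutover date are all assumptions; a real deployment would feed it the dates and filter verdicts pulled from its own mail logs.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample log (not real traffic): "YYYY-MM-DD verdict", one line per message.
SAMPLE_LOG = """\
2012-07-16 spam
2012-07-16 spam
2012-07-16 spam
2012-07-16 spam
2012-07-16 ham
2012-07-17 spam
2012-07-17 spam
2012-07-17 spam
2012-07-17 ham
2012-07-17 ham
this line is garbage and must be skipped
2012-07-19 spam
2012-07-19 ham
2012-07-19 ham
2012-07-19 ham
2012-07-20 spam
2012-07-20 spam
2012-07-20 ham
2012-07-20 ham
2012-07-20 ham
2012-07-20 ham
"""

# Assumed cutover date for the example; the article gives only "this week".
TAKEDOWN = date(2012, 7, 18)


def parse_log(text):
    """Return {date: Counter(spam=n, ham=m)}; malformed lines are ignored."""
    per_day = defaultdict(Counter)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[1] not in ("spam", "ham"):
            continue
        try:
            day = date.fromisoformat(parts[0])
        except ValueError:
            continue
        per_day[day][parts[1]] += 1
    return dict(per_day)


def mean_daily_spam(per_day, days):
    """Average number of spam messages per day over the given days (None if no days)."""
    days = list(days)
    if not days:
        return None
    return sum(per_day[d]["spam"] for d in days) / len(days)


def spam_drop(text, cutover):
    """Compare mean daily spam before and after the cutover date.

    Returns {'before': x, 'after': y, 'drop_pct': p} or None when one side
    has no data (or the 'before' volume is zero, so a drop is undefined).
    The cutover day itself is excluded from both windows.
    """
    per_day = parse_log(text)
    before = mean_daily_spam(per_day, (d for d in per_day if d < cutover))
    after = mean_daily_spam(per_day, (d for d in per_day if d > cutover))
    if before is None or after is None or before == 0:
        return None
    return {
        "before": before,
        "after": after,
        "drop_pct": round(100 * (1 - after / before), 1),
    }


if __name__ == "__main__":
    result = spam_drop(SAMPLE_LOG, TAKEDOWN)
    print(result)  # on the constructed sample: {'before': 3.5, 'after': 1.5, 'drop_pct': 57.1}
```

The point of the "before"/"after" split is the one the article makes implicitly: a takedown claim is only checkable against a baseline measured before the event, on the same mail stream, with the same filter verdicts, and a window of two days on either side is far too short to call anything "permanent".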
