Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":403,"date":"2015-07-22T15:08:15","date_gmt":"2015-07-22T15:08:15","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=403"},"modified":"2019-04-17T11:49:06","modified_gmt":"2019-04-17T11:49:06","slug":"50-of-the-worlds-spam-gone","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2015\/07\/22\/50-of-the-worlds-spam-gone\/","title":{"rendered":"Is 50% of the World\u2019s Spam Gone?"},"content":{"rendered":"

$\"350930-grum-rostock\"$ If the IT world were to conduct a beauty pageant, it\u2019s easy to imagine how it would play out. First, there would be exhaustive and contentious discussions where pageant organizers explained to the male IT people that it wasn\u2019t in the best interest of their fragile egos and computer screen tans to participate. Once the contestants were sorted out, there\u2019d be the talent portion (list port numbers from 1-1024 along with their functions), the swimsuit competition (water wings and goofy goggles are allowed), and then there\u2019d be the portion of the show where the contestants have a chance to state their vision for a safe and happy world. It might go something like this:<\/p>\n

\u201cI envision a world where we can scrape together enough money so that every iPhone user, the poor souls, get an Android device. I see a world where ISP uptime and downtime are actually what\u2019s stated on the contract , with no latency. I also want a world where 50% of the world\u2019s spam is eradicated, and replaced with non-threatening e-mails picturing puppies and the babes of Star Trek.\u201d<\/em><\/p>\n

That\u2019s a rough approximation of what it might go like, but one of those wishes might have actually come true. Can you guess which one? Of course you can, because you cheated and read the headline of this story. According to CNN<\/a> and a couple of other sites<\/a> this week, 50% of the world\u2019s spam has disappeared from the face of our little green and blue ball of dirt, thanks to the takedown of yet another botnet, this time a nasty little fella named Grum.<\/p>\n

According to CNN, Atif Mushtaq, a senior scientist at security firm FireEye, the company responsible for taking Grum offline, stated that “about 50% of the worldwide spam is gone.” Now, before you celebrate by logging out of Facebook and donning your water wings, stop. As sexy a number as 50% is, unfortunately it appears to be wrong.<\/p>\n

Most reports<\/a> have the number at a more realistic, less sexy sounding 17% or so, suggesting that CNN must have employed NASA scientists who falsely assumed that the time difference between California (where FireEye is located) and Atlanta (where CNN is located) means that percentages are subject to some sort of Metric to U.S. conversion<\/a>. It leads to a whole debate on getting one\u2019s facts straight and taking a deep breath before hitting the \u2018publish\u2019 button, but that\u2019s a debate for another day.<\/p>\n

The fact still remains that FireEye did<\/em> disable Grum\u2019s C&C servers this week. According to articles not subject to NASA scientists and sensationalist reporting<\/a>, Grum is the world\u2019s third largest spam network, responsible for about 17% of the spammy goodness invading your Inbox each day. It was a little dicey at first, according to FireEye, when servers that were shut down in Panama and Russia were quickly replaced by new servers in the Netherlands and the Ukraine. Along with Spamhaus, the Russian computer security incident response team CERT-GIB, and an anonymous researcher known only as Nova7, FireEye was able to convince the affected ISPs (and in the case of Russa, an upstream provider) to null route the site\u2019s IP addresses, and voila! No more Grum, for now, anyway.<\/p>\n

The shutdown represents the unceremonious end of a botnet that\u2019s been skulking around since 2008, an unusually long time for a botnet. As late as earlier this year, Grum was responsible for about a third of the world\u2019s spam, according to Mushtaq<\/a>. But at the time of the takedown, Grum was reported to be shoveling 17.4% of the Internet\u2019s crap, \u201cmaking it the world’s third most active spam botnet after Cutwail and Lethic,\u201d Mushtaq wrote. He highlights some of the high points and low points of Grum and the difficulties encountered in taking it down, for example, employing the assistance of countries like Russia, Panama, and the Netherlands, where \u201cauthorities historically have been reluctant when dealing with abuse notifications.\u201d<\/p>\n

Ultimately, Mushtaq doesn\u2019t regard Grum\u2019s shuttering as much of a challenge. \u201cIf I were to rank Grum’s takedown difficulty level from one to five where five is the most difficult, I would give Grum a two,\u201d he stated. He goes on to wax poetic about a spam free world, perhaps in a moment better suited for a beauty pageant. \u201cCan we dream of a junk-free mailbox? In my opinion, taking down the top three spam botnets\u2014Lethic, Cutwail, and Grum\u2014is enough for a rapid and permanent decline in worldwide spam level.\u201d Nice thought. Maybe he\u2019ll get the Miss Congeniality prize.<\/p>\n

Now it\u2019s time for you to weigh in. Are you seeing dramatic drops in spam volumes?<\/p>\n","protected":false},"excerpt":{"rendered":"