It seems that the spam industry has quickly recovered from the death of the Grum botnet.
Troy Gill, a security analyst with AppRiver, told SecurityWeek that it only took the spam industry a week to recover from the loss of Grum. While Grum itself is as dead as a dodo, spam levels remain the same.
It might have something to do with the fact that spammers have moved away from big botnets for spam delivery in favour of smaller, more easily managed botnets.
This means that if one is taken out, it has very little impact on spam levels. Spam customers just go elsewhere and find another supplier.
But Grum showed that there needed to be a change of tactics from those security companies that want to kill off the spammers. While they managed to take down Grum, they did not stop the techniques the operators had used to infect victims and build the botnet in the first place. The shutdown has yet to lead to any arrests.
Instead, Grum’s operators were allowed to learn from their mistakes and worked out how the security companies tracked them.
According to Gunter Ollmann, vice-president of research at Damballa, the new, improved botnets are proving a major headache because they are protected from the errors that allowed the coppers to find their command-and-control servers.