Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Festi spamming botnet surges as Grum declared dead

Festi now sending as many spam emails as the Cutwail botnet

Article comments

Festi, a relatively new botnet, has taken up the slack left by the shutdown in July of another major spamming botnet called Grum, according to the junk mail fighting organisation Spamhaus.

The Festi botnet, also called Spamnost, has surged since the demise of Grum. Spamhaus counts at least 250,000 unique IP addresses showing signs of a Festi infection, up from around 20,000 unique IP addresses preceding Grum's takedown by security researchers.

"Since the beginning of July, the Spamhaus XBL [Exploit Block List] has seen a huge increase in Festi spamming activities," said Spamhaus' Thomas Morrison. "At the peak, during one 24-hour period the XBL detected nearly 300,000 IP addresses that were infected with Festi, out of a total of one million that were infected with some sort of spam-sending bot.

"The sheer volume of Festi spam overwhelmed spam detection processes at some security organisations," he said.

Spamhaus provides its XBL list to email service providers, which use it to block IP addresses that have been found to deliver malware or spam.

Festi, which Symantec detected in December 2011, is now competing with Cutwail to be the most prolific spamming botnet. Festi's rise follows a familiar pattern: As security researchers, vendors and law enforcement have notched more successes in technically interfering with botnets and taking their infrastructure offline, spammers quickly move to other botnets.

Grum, which was sending 18 billion spam messages daily, was the latest major botnet to be shut down. Spamhaus collaborated with security vendors FireEye and the Russian company Group-IB.

Grum's command-and-control servers in Panama and the Netherlands were taken offline. Grum operators quickly set up command-and-control servers in the Ukraine, suing one of the remaining servers in Russia to redirect the infection bots.

The hosting company for the Russian server did not respond to takedown requests, so its ISP dealt the final blow by halting traffic intended for the server.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *