Botnets are a lot like dandelions; you think they're dead and then when you're not looking they pop right back up. It's happened time and again in the malware ecosystem and the latest member of the undead botnet society is Grum, which was only just taken down last week. Over the weekend several of the command-and-control servers used by the Grum botmasters reappeared in Ukraine.
Researchers at FireEye, who have been closely involved in the takedown of the Grum botnet, found that within the last couple of days, three of the C&C servers used by the botnet were brought back online. Those servers are located in Ukraine and, like the others associated with Grum, had been taken offline last week in an effort to disable Grum. There were additional C&C servers located in the Netherlands and Panama, but those have not been active again.