Symantec researchers at the time estimated that Grum was responsible for one-third of all spam being sent worldwide, and its takedown led to an immediate drop in global spam email volumes by as much as 15 to 20 percent.
However, the drop was only temporary. While Grum had an estimated hundred thousand zombies sending spam, the machines were likely blocked for sending emails too frequently, or wound up on IP blacklists, said Andrew Conway, Cloudmark researcher. IP filtering is fast and cheap, and is a good first line of defense against spam, Conway said. Grum spam was easy to blacklist, and despite its size, most spam messages from the botnet probably never reached user inboxes.
Considering that users never saw Grum-delivered spam to begin with, the lack of an impact is not surprising, security researcher Mary Landesman said.
"The 'Takedown' was ineffectual," Gunter Ollmann said, as it shut down servers but did nothing to stop the techniques the operators had used to infect victims and build the botnet in the first place, nor did it result in the arrests of the actual criminals.