The many faces and activities of the ever-evolving Necurs botnet


The botnet is primarily used to deliver other malware in different attack campaigns.
The Necurs botnet is operated by a Russia-based threat actor group.

The powerful Necurs botnet has been a fixture of the cybersecurity threat landscape since its discovery. In Q4 2017, a report from McAfee revealed that Necurs, along with the Gamut botnet, comprised 97% of spam botnet traffic. The botnet is primarily used to deliver other malware in different attack campaigns.


Background


The Necurs botnet is operated by a Russia-based threat actor group that is responsible for stealing millions of dollars using the Dridex banking trojan and, more recently, the Locky ransomware. The botnet has been active since late 2012. Over the years, it has become one of the world’s largest botnets, able to infect more than 6 million machines at a time.


How widespread is the botnet?


Research by Cisco Talos revealed that there were about 32 distinct spam campaigns sent by Necurs between August 2017 and November 2017. These campaigns were launched via phishing emails sent from almost 1.2 million distinct IP addresses in over 200 countries and territories. Most of these IP addresses were found to be concentrated in India, Vietnam, and Iran.


According to a McAfee report, the botnet was the second-most prevalent spam botnet after Gamut in Q3 2018.


Since its inception in 2012, Necurs operators have periodically diversified their methods to monetize their nefarious activities. In 2013, Necurs was identified as a rootkit that was used to spread the Zeus banking trojan. By 2014, the botnet had evolved to distribute ransomware such as Cr ..
