Necurs Spam Botnet Allows Cybercriminals to Spread Their Own Malicious Campaigns

In 2017, the Necurs and Gamut botnets accounted for 97% of spam botnet traffic. Necurs (at 60%) is currently the world’s largest spam botnet. The infected computers operate in a peer-to-peer model, with limited communication between the nodes and the control servers. Cybercriminals can rent access to the botnet to spread their own malicious campaigns.

It's looking extremely likely that another major Necurs malware outbreak is looming just around the corner.

To recap for the uninitiated, Necurs is the king of botnets. Look at Necurs over the last two years and a clear pattern leaps out in the ebb and flow of its activity.

Necurs has been active since 2012, has an estimated 6 million ‘bots’ at its disposal, and, when active, accounts for 90% of all global malware distribution. It has been known to deliver a variety of malicious payloads, from pump-and-dump stock scams to Locky ransomware to the Dridex banking Trojan. The most common delivery technique is an email attachment containing macros or JavaScript that downloads malware from different locations.

Spam botnets are one of the pillars of the cybercrime business. The authors of these botnets understand their market value and spend their rental income on continuous development. Their work keeps the infrastructure running, creates ever-changing spam messages, and delivers these messages to your inbox, with many avoiding spam blockers. This cybercrime effort should inspire your organization to discuss the implementation of DMARC (Domain-based Message Authentication, Reporting & Conformance).