Story image

Necurs botnet erupts from dormancy to churn out 100,000 spam emails over Easter

05 Apr 2018

One of the world’s largest spam botnets is back in action and this time it is spreading a Trojan downloader that can deliver a number of nasty malware surprises.

Just prior to Easter weekend, the Necurs botnet ramped up its activity by churning out approximately 100,000 emails in a single day. A few days prior, approximately 5000 emails were sent out.

The activity follows what Check Point dubbed a ‘relatively quiet’ month for the botnet.

“The low volumes seen at the earlier date indicate that that may have been an initial test before the main wave emerged.”

The spam emails mimicked purchase orders or document copies – two of the most common malware delivery methods.  The sender’s email address follows a similar pattern and begins with ‘netadmin’, Check Point explains in a blog.

“The emails have an attached archive containing a file with a URL. The URL files communicate with hosts in order to download an additional WSF file containing obfuscated JavaScript. This script is used to retrieve a QuantLoader payload, which, in turn, may download additional executables.”

Check Point notes that the Necurs botnet is notorious for distributing a number of malware families in the past, including both the Locky, Globe and Jaff ransomwares.

Because the Necurs botnet has suddenly engaged in a flurry activity after being dormant, it demonstrates how manware can quickly re-emerge.

“Despite Necurs being well known to the security community, hackers are still enjoying success distributing malware with this highly effective infection vehicle,” Check Point says.

In November last year researchers spotted cybercriminals who were using Necurs to distribute the Scarab ransomware – a relatively new ransomware variant first discovered in June 2017.

Necurs also featured eighth in Check Point’s ‘most wanted’ malware for the month of December 2017.

“Necurs botnet started mass distribution of Scarab during the U.S. Thanksgiving holiday, sending over 12 million emails in a single morning,” Check Point says.

“This reinforces the need for advanced threat prevention technologies and a multi-layered cybersecurity strategy that protects against both previously encountered, established malware families as well as brand new, zero-day threats.”

Check Point’s ThreatCloud intelligence is a collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors.

The ThreatCloud database holds over 250 million addresses analysed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.