Necurs Botnet: From Sending Email With Ransomware to SPAM Pump&Dump
Necurs is one of the largest botnets in the world. It is best known for spreading malware like Locky and Dridex cryptolockers. In 2016 it was responsible for more than 90% of the malware spread by email. Last December, Necurs went silent, and no email activity containing this malware was observed until March 22.
In the following 24 hours, Necurs launched two bursts of emails containing spam. This huge botnet has a worldwide distribution.
This spam wave consists of only a plain text message: no attachments, no URLs, only a message tipping you off about an imminent acquisition of “Incapta Incorporated”.
As a result, Incapta Incorporated stock spiked. Some hours later, another burst delivered another message with similar content, and this kept the stock at a high value.
Today similar waves are still hitting our spam traps. It’s not a sustained peak, but the botnet is still sending spam en masse.
This kind of spam is known as “Pump & Dump” and is not new, even for Necurs. However, this pump & dump spam is a change from what we were seeing from Necurs in the last few months.
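The traits described above (a single plain-text body, no attachments, no URLs, a stock tip) can be checked mechanically on a spam-trap feed. The following Python code is an added example, not code from AnubisNetworks; the keyword list, the `min_terms` threshold, the function names and the three sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Assumed lure vocabulary (not from the article); tune it on your own spam-trap corpus.
STOCK_TERMS = re.compile(r"\b(acquisition|buyout|takeover|shares?|stock|per share)\b", re.I)
URL = re.compile(r"(https?://|www\.)\S+", re.I)

def traits(raw):
    """Structural and lexical traits of one raw RFC 5322 message."""
    msg = message_from_string(raw)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    text = ""
    for part in leaves:
        if part.get_content_type() == "text/plain" and not part.get_filename():
            body = part.get_payload(decode=True) or b""
            text += body.decode(part.get_content_charset() or "utf-8", "replace")
    return {
        "plain_text_only": all(p.get_content_type() == "text/plain" for p in leaves),
        "no_attachment": not any(p.get_filename() for p in leaves),
        "no_url": URL.search(text) is None,
        "stock_terms": len({m.lower() for m in STOCK_TERMS.findall(text)}),
    }

def is_candidate(raw, min_terms=2):
    """True when the message matches the attachment-free, URL-free stock-tip shape."""
    t = traits(raw)
    return (t["plain_text_only"] and t["no_attachment"] and t["no_url"]
            and t["stock_terms"] >= min_terms)

# Constructed samples (not captured Necurs traffic).
TIP = ("From: a@example.com\nSubject: read this\nContent-Type: text/plain; charset=utf-8\n\n"
       "ExampleCo is about to be acquired. The buyout is priced at 1.37 per share,\n"
       "so pick up the stock before the news is public.\n")
MALSPAM = ("From: b@example.com\nSubject: Invoice\nMIME-Version: 1.0\n"
           'Content-Type: multipart/mixed; boundary="XX"\n\n'
           "--XX\nContent-Type: text/plain\n\nSee the attached invoice.\n"
           "--XX\nContent-Type: application/zip\n"
           'Content-Disposition: attachment; filename="invoice.zip"\n'
           "Content-Transfer-Encoding: base64\n\nUEsDBA==\n--XX--\n")
LINKED = ("From: c@example.com\nSubject: report\nContent-Type: text/plain\n\n"
          "Our stock report on the acquisition: https://example.com/report\n")

if __name__ == "__main__":
    for name, raw in (("TIP", TIP), ("MALSPAM", MALSPAM), ("LINKED", LINKED)):
        print(name, is_candidate(raw), traits(raw))
```

A match is only a candidate for review: legitimate plain-text mail about markets has the same shape, so the result is best combined with sender reputation and volume signals.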
One thing is for sure: the Necurs botnet is back in action, whether with ransomware or pump & dump spam.
Email Security Expert at AnubisNetworks. José is the email security expert who is always seeking and researching new features to help companies protect against advanced cyber threats. With extensive experience in email security, specifically dealing with high-volume email processing and anti-spam/anti-fraud techniques, he’s responsible for all the innovation in the AnubisNetworks email security solutions.