
By José Borges Ferreira • April 3, 2017

Necurs Botnet: From Sending Email With Ransomware to SPAM Pump&Dump

Necurs is one of the largest botnets in the world. It is best known for spreading malware like Locky and Dridex cryptolockers. In 2016 it was responsible for more than 90% of the malware spread by email. Last December, Necurs went silent, and since then no email activity containing this malware was observed until March 22.

In the following 24 hours, Necurs launched two bursts of emails containing spam.

This huge botnet has a worldwide distribution:

This spam wave is only a plain text message. No attachments, no URLs, only a message tipping you off about an imminent acquisition of “Incapta Incorporated”.

Necurs_Incapta_Incorporated.png
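As an added example (not code from the original post or from AnubisNetworks), here is one way a mail filter could flag messages with the traits described above: plain text only, no attachments, no URLs, and stock-tip wording. The keyword list, the two-term threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# Assumed stock-tip vocabulary; the article does not publish the message wording.
TIP_RE = re.compile(r"\b(acquisition|buyout|takeover|shares?|stocks?)\b", re.I)

def features(raw: str) -> dict:
    """Extract the traits the article describes from one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    # A leaf counts as body text only if it is text/plain and carries no filename.
    texts = [p for p in leaves
             if p.get_content_type() == "text/plain" and p.get_filename() is None]
    body = "\n".join(p.get_content() for p in texts)
    return {
        "plain_only": len(texts) == len(leaves),   # no HTML part, no attachment
        "has_url": bool(URL_RE.search(body)),
        "tip_terms": sorted({m.lower() for m in TIP_RE.findall(body)}),
    }

def is_candidate(raw: str) -> bool:
    """True when a message matches all traits (assumed threshold: 2 distinct terms)."""
    f = features(raw)
    return f["plain_only"] and not f["has_url"] and len(f["tip_terms"]) >= 2

# Constructed sample messages (not captured from the campaign).
HEAD = "From: tips@example.test\nTo: trap@example.test\nSubject: heads up\n\n"
TIP = HEAD + ("ExampleCo Incorporated is about to be bought. "
              "The acquisition closes this week, so buy shares now.\n")
WITH_URL = TIP + "Details: http://example.test/deal\n"
BENIGN = HEAD + "Lunch at noon on Thursday?\n"

def with_attachment() -> str:
    """Same tip wording, but carrying an attachment, so it must not match."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "tips@example.test", "trap@example.test", "heads up"
    m.set_content("The acquisition closes this week, so buy shares now.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="notes.bin")
    return m.as_string()

if __name__ == "__main__":
    samples = {"tip": TIP, "url": WITH_URL, "attach": with_attachment(), "benign": BENIGN}
    for name, raw in samples.items():
        print(name, is_candidate(raw), features(raw))
```

A filter like this only narrows the candidate set; campaign-level signals such as burst volume across spam traps are still needed to attribute a wave.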

As a result, Incapta Incorporated stock spiked. Some hours later, another burst delivered another message with similar content, and this kept the stock at a high value.

Today similar waves are still hitting our spam traps. It’s not a sustained peak, but the botnet is still sending spam en masse.

Necurs_Botnet_Waves

This kind of spam is known as Pump & Dump and is not new, even for Necurs. However, this Pump & Dump spam is a change from what we were seeing coming from Necurs in the last few months.

One thing is for sure: the Necurs botnet is back in action, whether with ransomware or Pump & Dump spam.


Author: José Borges Ferreira

Email Security Expert at AnubisNetworks. José is the email security expert who is always seeking and researching new features to help companies protect against advanced cyber threats. With extensive experience in email security, specifically dealing with high-volume email processing and anti-spam/anti-fraud techniques, he is responsible for all the innovation in the AnubisNetworks email security solutions.
