The Necurs Botnet: A Pandora’s Box of Malicious Spam

This is the tale of a cybercrime botnet operation that, within about five years of its existence, has been named one of the largest botnets in the world.

It’s called the Necurs botnet. It militarizes up to 6 million zombie endpoints, delivers some of the worst banking Trojans and ransomware threats in batches of millions of emails at a time, and it keeps reinventing itself. The bottom line is that Necurs is indirectly responsible for a major chunk of cybercrime and the losses it produces. According to reports, cybercrime damages are expected to cost the world $6 trillion by 2021. This magnitude alone makes it worthwhile to get to know more about one of the top players in that nefarious game.



Necurs: The Nitty Gritty


Cybercrime history has had its share of malicious botnets and evil infrastructure in the past two decades, including Grum, Storm and Conficker. But while most past cases were single-flavored in terms of their lifetime vocation, one resilient and active example definitely stands out: the multipurpose Necurs botnet.

Necurs emerged in 2012 as an infector and rootkit, and quickly partnered with elite cybercrime gangs to become part of the top spamming and infection forces in the malware realm. Unlike most botnets, Necurs stands out due to its technical complexity, partnership diversity and continued evolution in an era when even the most complex malicious infrastructures can no longer withstand disruption.

In the past year alone, we have seen Necurs take on various roles. Linked with the spam distribution of the Dridex gang, it is used to spread one of the world’s most nefarious banking Trojans. It also moved to mass distributing Locky, Dridex’s ransomware child, then added distributed denial-of-service (DDoS) attacks. Most recently, Necurs moved to pump-and-dump stock scam distribution before returning to spreading millions of Dridex-laden spam emails a day.

This article will take you through the history of Necurs, a botnet dubbed “one of the world’s largest spam botnets.” It will take you down the rabbit hole of its evil partnerships with the most infamous cybercrime gangs, including Necurs’ varying current activity, which was recently renewed with a couple of peculiar surprises…


Read the rest of this detailed blog post on Necurs here.
