Malware Levels Drop As Huge Botnet Goes Offline

One of the largest networks of compromised systems on the Internet has mysteriously gone dark in recent days, leading to a noticeable fall-off in the distribution of spam and malware, computer security researchers have found.

Several IT security firms have confirmed that Necurs, which is believed to be one of the biggest botnets in existence, controlling several million compromised computers, went offline on June 1.

Spam and malware campaigns

A botnet is generally formed when a computer is compromised by a piece of malware that connects it to a command-and-control server, which then commonly directs the machine to send spam and distribute further malicious code. The owners of infected computers are generally unaware that their system belongs to a botnet and is carrying out malicious activity.

Security firm Proofpoint observed that two of the largest malicious email campaigns to date, sending malware known as Dridex and a piece of ransomware called Locky, dwindled away almost to nothing on June 1. They found that the campaigns’ disappearance corresponded to the Necurs outage, and concluded that the malicious messages were mostly sent via that botnet.

“This confirmed our suspicion that the threat actors behind Locky ransomware and Dridex banking Trojans have been using the Necurs botnet to distribute their massive email campaigns,” Proofpoint said in an advisory.

Proofpoint said that since June 1 the compromised systems making up the botnet have been observed actively searching for new command infrastructure, indicating that the control servers previously used had disappeared.

Mystery outage

Anubis Networks and other IT security firms also reported that the command server seemed to have gone offline.

“We have no evidence that the Necurs botmaster has been able to retake control of the botnet,” Proofpoint wrote.

As yet, researchers are unable to explain what might have happened to Necurs, which has been in operation for several years. However, re-establishing control systems is often a slow process, Proofpoint said.

“For P2P botnets in general, reestablishing connections between compromised PCs and new command-and-control infrastructure is a gradual process as new command-and-control information propagates,” the company stated.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDnet and other leading publications.
