Categories: Security

Malware Levels Drop As Huge Botnet Goes Offline

One of the largest networks of compromised systems on the Internet has mysteriously gone dark in recent days, leading to a noticeable fall-off in the distribution of spam and malware, computer security researchers have found.

Several IT security firms have confirmed that Necurs, which is believed to be one of the biggest botnets in existence, controlling several million compromised computers, went offline on June 1.

Spam and malware campaigns

Botnets are generally formed when a computer is compromised by a particular piece of malware that links it to a control server, which then commonly uses it to send spam and malicious code. Computer users are generally unaware that their system belongs to the botnet and is carrying out malicious activity.

Security firm Proofpoint observed that two of the largest malicious email campaigns to date, sending malware known as Dridex and a piece of ransomware called Locky, dwindled away almost to nothing on June 1. They found that the campaigns’ disappearance corresponded to the Necurs outage, and concluded that the malicious messages were mostly sent via that botnet.

“This confirmed our suspicion that the threat actors behind Locky ransomware and Dridex banking Trojans have been using the Necurs botnet to distribute their massive email campaigns,” Proofpoint said in an advisory.

Proofpoint said that the compromised systems that made up the botnet have since June 1 been observed actively searching for a new command system, indicating that the control servers previously used had disappeared.

Loading ...

Mystery outage

Anubis Networks and other IT security firms also reported that the command server seemed to have gone offline.

“We have no evidence that the Necurs botmaster has been able to retake control of the botnet,” Proofpoint wrote.

As yet researchers are unable to explain what might have happened to Necurs, which has been in operation for several years. However, the re-establishment of control systems is often a slow process, Proofpoint said.

“For P2P botnets in general, reestablishing connections between compromised PCs and new command-and-control infrastructure is a gradual process as new command-and-control information propagates,” the company stated.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago