One of the largest networks of compromised systems on the Internet has mysteriously gone dark in recent days, leading to a noticeable fall-off in the distribution of spam and malware, computer security researchers have found.
Several IT security firms have confirmed that Necurs, which is believed to be one of the biggest botnets in existence, controlling several million compromised computers, went offline on June 1.
Botnets are generally formed when a computer is compromised by a particular piece of malware that links it to a control server, which then commonly uses it to send spam and malicious code. Computer users are generally unaware that their system belongs to the botnet and is carrying out malicious activity.
Security firm Proofpoint observed that two of the largest malicious email campaigns to date, sending malware known as Dridex and a piece of ransomware called Locky, dwindled away almost to nothing on June 1. They found that the campaigns’ disappearance corresponded to the Necurs outage, and concluded that the malicious messages were mostly sent via that botnet.
“This confirmed our suspicion that the threat actors behind Locky ransomware and Dridex banking Trojans have been using the Necurs botnet to distribute their massive email campaigns,” Proofpoint said in an advisory.
Proofpoint said that the compromised systems that made up the botnet have since June 1 been observed actively searching for a new command system, indicating that the control servers previously used had disappeared.
Anubis Networks and other IT security firms also reported that the command server seemed to have gone offline.
“We have no evidence that the Necurs botmaster has been able to retake control of the botnet,” Proofpoint wrote.
As yet researchers are unable to explain what might have happened to Necurs, which has been in operation for several years. However, the re-establishment of control systems is often a slow process, Proofpoint said.
“For P2P botnets in general, reestablishing connections between compromised PCs and new command-and-control infrastructure is a gradual process as new command-and-control information propagates,” the company stated.
Are you a security pro? Try our quiz!
Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…
Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…
Elon Musk continues to provoke the ire of various leaders around the world with his…
Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…
Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…
Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…