Necurs Botnet Targets Users With Old-School Stock Scam

A well-known botnet appears to have woken up from a recent slumber, prompting a significant rise in the global amount of spam being sent out.

According to researchers at Sophos’ Naked Security, the global volume of spam dropped by more than half just before Christmas and continued to stay at around the same level, believed to be due to the notorious Necurs botnet going quiet.

Researcher Paul Ducklin suggested that the criminals behind the botnet had knowingly taken it offline “for an as-yet unknown reason that could range anywhere from going on vacation to lying low from law enforcement or some rival gang”.

Stock scam

However, this week the spam volume jumped back up to approximately half the level of the pre-Christmas peaks and five times higher than the “background spam rate”, suggesting that Necurs is up and running again.

The new scam being sent out is called a ‘pump-and-dump,’ one that hasn’t been seen for some time due to its relative ineffectiveness compared to other scams such as phishing emails containing malicious attachments that have generated huge sums of money for cyber crooks.

Instead, Ducklin explained, the scammers try to persuade their targets into buying shares by advertising a ‘once-in-a-lifetime’ opportunity for an obscure stock, which in this case was for a media company called InCapta, Inc (INCT).

“The theory is that if you pick a cheap stock, concoct a believable story to talk it up, and buy in just before your victims start receiving their emails then your initial bulk purchase will push the stock up a bit, add veracity to your claims that the stock will soon be flying, and encourage more and more victims to buy into the scam, pumping up the stock further and further.”

The scammers will then sell their stock for a hefty profit, while the victims are left with their own shares which will likely decrease back down to their original value.

Ducklin’s advice is to always ignore unsolicited bulk emails that swear you to secrecy and warns that if it sounds too good to be true, then it probably is.

Quiz: Cyber security in 2017