Categories: Security

Malware Levels Drop As Huge Botnet Goes Offline

One of the largest networks of compromised systems on the Internet has mysteriously gone dark in recent days, leading to a noticeable fall-off in the distribution of spam and malware, computer security researchers have found.

Several IT security firms have confirmed that Necurs, which is believed to be one of the biggest botnets in existence, controlling several million compromised computers, went offline on June 1.

Spam and malware campaigns

Botnets are generally formed when a computer is compromised by a particular piece of malware that links it to a control server, which then commonly uses it to send spam and malicious code. Computer users are generally unaware that their system belongs to the botnet and is carrying out malicious activity.

Security firm Proofpoint observed that two of the largest malicious email campaigns to date, sending malware known as Dridex and a piece of ransomware called Locky, dwindled away almost to nothing on June 1. They found that the campaigns’ disappearance corresponded to the Necurs outage, and concluded that the malicious messages were mostly sent via that botnet.

“This confirmed our suspicion that the threat actors behind Locky ransomware and Dridex banking Trojans have been using the Necurs botnet to distribute their massive email campaigns,” Proofpoint said in an advisory.

Proofpoint said that the compromised systems that made up the botnet have since June 1 been observed actively searching for a new command system, indicating that the control servers previously used had disappeared.

Loading ...

Mystery outage

Anubis Networks and other IT security firms also reported that the command server seemed to have gone offline.

“We have no evidence that the Necurs botmaster has been able to retake control of the botnet,” Proofpoint wrote.

As yet researchers are unable to explain what might have happened to Necurs, which has been in operation for several years. However, the re-establishment of control systems is often a slow process, Proofpoint said.

“For P2P botnets in general, reestablishing connections between compromised PCs and new command-and-control infrastructure is a gradual process as new command-and-control information propagates,” the company stated.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Supreme Court Permits Nvidia Investor Lawsuit To Proceed

Setback for Nvidia after Supreme Court rules class-action lawsuit against AI chip giant for misleading…

13 hours ago

TikTok Files Challenge Against Canadian Shutdown Order

Notice filed in federal court to challenge Canadian government order to shutdown TikTok's Canada's operations

15 hours ago

Apple Intelligence Launches In UK, Siri Integrated With ChatGPT

Users of the iPhone 15 and later in the UK can now experience Apple Intelligence,…

17 hours ago

US Awards Micron $6.1 Billion From US Chips Act

Biden administration awards $6.1 billion subsidy from US Chips Act for Micron's Idaho and and…

18 hours ago

California Mulls Health Warnings For Social Media Sites

Bill (if passed) could see California become the first US state to require mental health…

21 hours ago

GM Kills Cruise Robotaxi Business, After Funding Is Pulled

General Motors kills Cruise robotaxi ambitions, after halting funding for the loss-making autonomous vehicle unit

22 hours ago