Significant drop in Necurs botnet mailings

According to Kaspersky Lab’s “Spam and phishing in Q1 2017” report, the world’s largest spam botnet, Necurs, demonstrated a relative decline in its fraudulent mailshot traffic. In December 2016, Kaspersky Lab’s spam traps detected over 35 million fraudulent mailshots, but in March 2017 that number fell to almost 7,000.

The Kaspersky Lab spam report also identified the following trends in the first quarter of 2017:

  • Global share of spam amounted to almost 56% of Q1 email traffic on average, compared to 59.9% in Q4 2016.
  • The total number of malware attachments in email traffic fell by a factor of 2.4 compared to the previous quarter.
  • More than half of all phishing attacks targeted the financial sector, including banks (almost 26%), payment systems (over 13%) and online shops (almost 11%).

“At the beginning of 2017 we witnessed a number of changes in spam flows, including a sharp drop in the number of malicious mass mailings from the world’s largest spam botnet. Amid this, the spam threat actors are gaining new footholds in anti-detection tricks and techniques, capturing legal communication platforms and password-protected attachments. Most likely this trend will continue, with documents protected by passwords considered trusted in the eyes of a victim. Moreover, these documents are not able to be scanned by the IT security solution,” said Darya Gudkova, Spam Analyst Expert at Kaspersky Lab.

In 2016, Kaspersky Lab researchers identified a sharp increase in spam with malicious attachments, primarily with encryptors. Most of this traffic came from the Necurs botnet, which is currently considered the world’s largest spam botnet. However, at the end of December 2016, the network practically stopped, and not just for the Christmas holidays. The botnet’s spam was at a very low level for almost the entire first quarter of 2017.

Apparently, criminals were scared by increased hype around the encryptors and decided to suspend mass mailings. However, this decision is unlikely to result in the extinction of this attack vector.

