It's not only a spam bot, but a piece of malware that is
The DDoS capability was added almost six months ago via Necurs’ new Proxy module.
An initial analysis of the module classified it as an on-demand proxy server that could relay malicious traffic through infected hosts via the HTTP, SOCKSv4, and SOCKSv5 proxy protocols.
If Necurs ever chose to use its bots for a DDoS attack, the size of such an attack would exceed that of any other DDoS attack we’ve seen before.
For most of its lifespan, the authors of the Necurs botnet have used it to send spam from infected hosts, usually carrying the Dridex banking trojan, and more recently the Locky ransomware.
“The proxy/DDoS module is quite old,” said MalwareTech, a security researcher who has tracked Necurs’ evolution for years. “I imagine it was put in as a potential revenue stream but then they found there was more money in spam.”
Besides the higher revenue the Necurs gang stands to earn from spam, there are other reasons why it’s highly unlikely that we’re going to see DDoS attacks from Necurs.
The Necurs creators have put time and money into building a professional, well-oiled cyber-crime machine. There is no incentive to risk their steady income stream just to run a DDoS-for-hire service from which they only stand to lose.
It does not make sense to destroy three income streams (Dridex, Locky, and a rentable spamming service) just to create and support a DDoS booter service.
Once the module is loaded by the bot, it performs the following initialization actions: