Necurs bot which is one of the biggest bot and well know for distributing Ransomware, spam emails and bank bots. In the past, it is responsible for spreading various ransomware like JAFF Ransomware, banking trojan. In the current campaign, it sends Valentine’s Day Spam Messages.
With its current campaign Necurs sents more than 230 million dating spam messages and it started in the mid of January 2018 and ended on Feb. 3.
Security researchers from IBM X-Force tracked the spam campaign, it sents more than 30 million emails a day, the current campaign delivers short email blurbs from supposed Russian women living in the U.S. While typical spam email is notorious for bad spelling and grammar, these samples are rather well-worded.
The first campaign started on Jan. 16 and ran up to Jan. 18, next wave from Jan. 27 and died on Feb 3.
Also read Necurs Spam Botnet Back in Business Spreading Scarab Ransomware
Researchers said the campaign targetting the users of Facebook or Badoo, based on the messages indicated. The bot uses more than 950,000 IP’s to deliver Valentine’s Day Spam messages.
Spam emails contain only the basic text, which may not convince many people. The top spam-sending IP is hosted via a Pakistani-based ISP and it sents more than 655 times.
More than 55% of IPs that involved in sending spam messages hosted in India and Vietnam. Attackers continuously changing IP address to avoid blacklists and blocking.
Botnets always keep on changing the methods they spread and always keep finding new ways by varying file types and email policies.
How to stay safe – Valentine’s Day Spam
1. Have a unique Email address.
2. Do not open any attachments without proper validation.
3. Don’t open emails voluntary emails.
4. Use Spam filters & Antispam gateways.
5. Never respond to any spam emails.
