Saturday, June 14, 2025
HomeSecurity NewsBeware!! 230 Million Necurs Botnet Sending as Valentine's Day Dating Spam Messages...

Beware!! 230 Million Necurs Botnet Sending as Valentine’s Day Dating Spam Messages With Malware

Published on

SIEM as a Service

Follow Us on Google News

Necurs bot which is one of the biggest bot and well know for distributing Ransomware, spam emails and bank bots. In the past, it is responsible for spreading various ransomware like JAFF Ransomware, banking trojan. In the current campaign, it sends Valentine’s Day Spam Messages.

With its current campaign Necurs sents more than 230 million dating spam messages and it started in the mid of January 2018 and ended on Feb. 3.

Security researchers from IBM X-Force tracked the spam campaign, it sents more than 30 million emails a day, the current campaign delivers short email blurbs from supposed Russian women living in the U.S. While typical spam email is notorious for bad spelling and grammar, these samples are rather well-worded.

The first campaign started on Jan. 16 and ran up to Jan. 18, next wave from Jan. 27 and died on Feb 3.

- Advertisement - Google News

Also read Necurs Spam Botnet Back in Business Spreading Scarab Ransomware

Researchers said the campaign targetting the users of Facebook or Badoo, based on the messages indicated. The bot uses more than 950,000 IP’s to deliver Valentine’s Day Spam messages.

Valentine's Day Spam

Spam emails contain only the basic text, which may not convince many people. The top spam-sending IP is hosted via a Pakistani-based ISP and it sents more than 655 times.

Valentine's Day Spam

More than 55% of IPs that involved in sending spam messages hosted in India and Vietnam. Attackers continuously changing IP address to avoid blacklists and blocking.

Botnets always keep on changing the methods they spread and always keep finding new ways by varying file types and email policies.

How to stay safe – Valentine’s Day Spam

1. Have a unique Email address.
2. Do not open any attachments without proper validation.
3. Don’t open emails voluntary emails.
4. Use Spam filters & Antispam gateways.
5. Never respond to any spam emails.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Don’t Click “Unsubscribe” links blindly It May Leads to Loss of Credentials

Imagine your inbox is overflowing with promotional emails—some from familiar companies, others less so....

ConnectWise to Update Code Signing Certificates for ScreenConnect, Automate, and RMM

ConnectWise, a leading provider of remote management and cyber protection tools for managed service...

ESET Details on How to Manage Your Digital Footprint

ESET, a leading cybersecurity firm, has shed light on the intricate nature of digital...