A mid-January spam campaign by criminals behind the
popular Necurs botnet shows a dramatic drop in skill and savvy by perpetrators. In a shift from sending sophisticated messages with lethal payloads, Necurs botnets are now peddling get-rich-quick spam within what researchers are calling “amateur” campaigns.
The lowering of the Necurs bar, according to IBM X-Force researchers, is tied to the fact cybergangs are attempting to up their game and adopt new and more sophisticated attacks that are harder to defend against and spending less time cooking up deadly Necurs-based spam attacks.
Necurs, a prolific and globally dispersed spam and malware distribution botnet, has long been a formidable threat since it was first spotted in 2012. The botnet’s popularity stems from its ability to sneak past spam filters, resulting in high infection rates for its cybercrime clientele and the spreading of malware GameOver Zeus, Dridex, Loki and TrickBot.
However, researchers say that a desire for more targeted attacks and a stronger foothold in networks has forced adversaries over the past year to turn away from Necurs in favor of alternative malware. Most notably, cybercrime groups are now eyeing Emotet as a preferred means of attack over Necurs. Emotet started out as a banking trojan but eventually evolved into a botnet used to distribute malware in enterprise attacks.
“Things are changing and with major banking Trojan botnets moving away from Necurs and to distribution through inter-gang collaborations, Necurs has been left behind to distribute amateur spam campaigns in high volumes,” IBM X-Force researchers said in a
Monday post.
