Just two botnets accounted for 97% of all spam emails in the last three months of 2017, according to a McAfee report released earlier today.
For most of these months, Necurs spent its time churning out "lonely girl" spam lures for adult websites, pushing pump-and-dump schemes [1, 2], and delivering ransomware payloads. Overall, nearly two out of three spam emails sent in the last quarter of 2017 were sent from the infrastructure of this mammoth botnet.
Second on the list was the Gamut botnet, also built on Windows machines infected with malware that hijacks systems to send out spam. Gamut, while smaller in size than Necurs, had previously been more active in Q3, sending more spam than Necurs.
In Q4, Gamut activity went down, but the botnet still accounted for 37% of all email spam, compared to Necurs' 60%. Most of Gamut's email subjects were related to job offer–themed phishing and money mule recruitment (tricking people into buying products with stolen money and sending the products to crooks, or into relaying money from hijacked bank accounts to crooks' accounts).